The linux-stable security tree project

From: Sasha Levin <sasha.levin-AT-oracle.com> To: LKML <linux-kernel-AT-vger.kernel.org>, stable <stable-AT-vger.kernel.org> Subject: [ANNOUNCE] linux-stable security tree Date: Mon, 11 Apr 2016 13:53:41 -0400 Message-ID: <570BE4A5.20200@oracle.com> Cc: lwn-AT-lwn.net Archive-link: Article, Thread

Hi all, I'd like to announce the linux-stable security tree project. The purpose is to create a derivative tree from the regular stable tree that would contain only commits that fix security vulnerabilities. Quite a few users of the stable trees pointed out that on complex deployments, where validation is non-trivial, there is little incentive to follow the stable tree after the product has been deployed to production. There is no interest in "random" kernel fixes and the only requirements are to keep up with security vulnerabilities. Given this, a few projects preferred to delay important kernel updates, and a few even stopped updating the tree altogether, exposing them to critical vulnerabilities. This project provides an easy way to receive only important security commits, which are usually only a few in each release, and makes it easy to incorporate them into existing projects. The tree is available at: https://git.kernel.org/cgit/linux/kernel/git/sashal/linux... Support is provided for all active -stable trees (https://www.kernel.org/category/releases.html). Branches/tags for unsupported versions of >=3.0 kernels were also generated for reference. Thanks, Sasha