• Linux live-patching support in Debian

    From Santiago Ruano =?iso-8859-1?Q?Rinc=@21:1/5 to All on Tue Nov 12 23:10:01 2024
    Dear Security Team and Kernel Team,

    As the subject states, we are reaching out concerning the Linux live-patching project, a.k.a. ITP bug #1070494 (https://bugs.debian.org/1070494).

    TL;DR: we think it would be great to discuss our project idea with you, and
    you are of course welcome to get involved.

    We are working toward designing+developing kpatch-based tooling for introducing Linux live-patching in Debian. We have decided to go forward with a client-server architecture that would help to build livepatch packages in a central service and distribute them to the users via a specific client application (similar to what is done by some commercial distributions).

    We know there are a lot of questions to be answered (and more to be asked), regarding:
    * Architectures to be supported, other than amd64
    * The format of the livepatch packages to be distributed
    * CVE triaging (what severity warrants a livepatch)
    * Support time for specific Debian kernel versions
    * Secure boot support (at a second stage)
    * etc

    And we aim to tackle them in the upcoming months. Please, don't hesitate
    to raise any concern or share any thought you may have.

    For the moment, and to be able to discuss the project design+development, we would need communication support, which means e.g. a mailing list and an IRC channel. Kernel team, is it OK if we use debian-kernel@l.d.o? We could request a specific mailing list if you prefer. Same question for the IRC channel. In other words, we are looking for a place for the project so we can discuss more openly.

    Cheers,

    Emmanuel and Santiago
