Re: Kernel upgrades = security upgrades - a possible solution?
On Tue, 28 Sep 1999, Marcin Owsiany wrote:
> the way to solve the problem would be to create a package called e.g.
> "secure-kernel", which would depend on the most secure "kernel-image-<ver>".
> Then if the security team has newer kernel with security bugfixes, they
> would make a new version of "secure-kernel" which would depend on the fixed
> kernel.
I, for one, wouldn't want my kernel upgraded automatically, no matter
what the fixes involved are. Here's why: I have compiled my own
kernel with my hardware selected (sound, tape drive, scsi card,
network card) and Debian simply can't afford to make all possible
combinations of kernel configurations to provide an easy upgrade path
for users. Now, possibly there could be some kind of secure-kernel
package which would do nothing more than simply inform you during
upgrade that a newer kernel with such-and-such security patches is
available and recommend how to upgrade, that's seems more reasonable
to me at least.
--
Ashley Clark
Reply to: