
Re: Kernel upgrades = security upgrades - a possible solution?



On Wed, Sep 29, 1999 at 10:27:43AM +0000, Marcin Owsiany wrote:
> On Tue, Sep 28, 1999 at 09:41:26PM -0500, Ashley Clark wrote:
> > On Tue, 28 Sep 1999, Marcin Owsiany wrote:
> > > the way to solve the problem would be to create a package called e.g.
> > > "secure-kernel", which would depend on the most secure "kernel-image-<ver>".
> > > Then if the security team has newer kernel with security bugfixes, they
> > > would make a new version of "secure-kernel" which would depend on the fixed
> > > kernel.
> > 
> > I, for one, wouldn't want my kernel upgraded automatically, no matter
> > what the fixes involved are. Here's why: I have compiled my own
> > kernel with my hardware selected (sound, tape drive, scsi card,
> > network card) and Debian simply can't afford to make all possible
> > combinations of kernel configurations to provide an easy upgrade path
> > for users. Now, possibly there could be some kind of secure-kernel
> > package which would do nothing more than simply inform you during
> > upgrade that a newer kernel with such-and-such security patches is
> > available and recommend how to upgrade, that seems more reasonable
> > to me at least.
> 
> That is the point of this idea. If you want your kernel to be upgraded
> automatically, you install secure-kernel, if you only want to be informed,
> you install secure-kernel-info, if you don't care at all, you install
> neither.

I am still very leery of automatic kernel updating... I do rather like the
idea of secure-kernel-info, as Marcin has described it, but it needs a
better name; secure-kernel just won't do it. kernel-update-watcher perhaps.

However, if security is enough of an issue for you that you think a kernel
package should be made around it, maybe you should keep an eye on bugtraq
and freshmeat, or a cron-job to grab the LATEST-VERSION-IS file from the
kernel.org servers -- no matter which approach is taken, it will be faster
than waiting for a new kernel package to come along...

-- 
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!
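A kernel-update watcher in the spirit of the cron-job idea in the message above, added here as an example (it is not code from the thread or from Debian). It assumes the fetched file or listing contains entries of the form LATEST-VERSION-IS-<version>; the kernel.org URL is only a placeholder and the sample listing is constructed.

```shell
#!/bin/sh
# Compare two dotted version strings numerically: 2.2.13 is newer than 2.2.9,
# which a plain string comparison would get wrong. Prints -1, 0 or 1.
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Pull the newest version out of the fetched text. Assumes entries that look
# like "LATEST-VERSION-IS-2.2.13" (an assumption about the file's format).
latest_version() {
    best=""
    for v in $(printf '%s\n' "$1" | sed -n 's/.*LATEST-VERSION-IS-\([0-9.]*\).*/\1/p'); do
        if [ -z "$best" ] || [ "$(vercmp "$v" "$best")" = 1 ]; then best=$v; fi
    done
    printf '%s\n' "$best"
}

# Decide whether an upgrade is pending for the running kernel: prints
# "upgrade" or "current". Local suffixes such as "-custom" are stripped first.
check_kernel() {
    running=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//')
    latest=$(latest_version "$2")
    if [ -n "$latest" ] && [ "$(vercmp "$running" "$latest")" = -1 ]; then
        printf '%s\n' upgrade
    else
        printf '%s\n' current
    fi
}

# Constructed sample listing; in a cron job replace it with a real fetch, e.g.
# LISTING=$(wget -q -O - ftp://ftp.kernel.org/pub/linux/kernel/v2.2/)  # placeholder URL
SAMPLE='LATEST-VERSION-IS-2.2.13
LATEST-VERSION-IS-2.2.9'
echo "running $(uname -r): $(check_kernel "$(uname -r)" "$SAMPLE")"
```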