[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Generating a cloud / VM kernel package

On Sat, Aug 26, 2017 at 11:48:22AM +0200, Thomas Goirand wrote:
>                   This makes the kernel binary package a lot smaller,

Is the size a problem right now?

> and also potentially reduces the surface of attack in case of a security
> problem.

What attach surface?

>          For example, we wouldn't need ax25, appletalk and such, which
> are unfortunately automatically loaded in case matching packets are
> received by the kernel,

This is long gone.  And apart from OpenStack you would not receive such
packets ever anyway.

>                                Most hardware drivers would also go away.

Which ones?

> Could we see this happening in Debian? Please let us know your thoughts.

Please provide numbers what benefits such a seperate kernel package
would provide.  Apart from the raw size I'm not seeing it.

Also the addition of a different package means that we need to track
hardware requirements for the different cloud vendors pretty closely.
So please define what you think should be in it and what should be not.

Recently there have been several changes on what drivers are needed.
EC2 started to switch to virtual functions for the network devices.
Azure does this as well as option for the larges VM sizes, using large
Mellanox cards.

Other vendors may as well, but would you get the memo that something new
it needed?  Especially OpenStack runs in such diverse environments
that you may find everything.


Immortality consists largely of boredom.
		-- Zefrem Cochrane, "Metamorphosis", stardate 3219.8

Reply to: