Re: down to the core
On 24 Jul 2004, Mike Mestnik wrote:
> It's a sad day indeed when ppl equate patching with security.
That, frankly, didn't seem like the OP's point at all. He asked if, while
he was building a custom kernel anyway, there was anything else worth
adding.
That is rather different from "I must patch to increase security".
[...]
> Just to make things clear kernel patches SHOULD be considered a security
> risk.
...because, y'know, plugging a network cable into a machine isn't a
security risk, and trusting the Debian maintainer isn't a security
risk...
> Learn to work within what is stable and true (2.4 or better 2.2) or
> sacrifice your security for freedom you will.
That statement is rather more fear than fact, isn't it?
> 1. Debian's initrd uses the cramfs patch, not found in the pristine
> source, using these kernels may result in an undesired effect or boot
> hack. It's true that it's relatively easy to get a pristine kernel
> booting.
So, are you saying that Debian kernels are a security risk, so should be
avoided in favor of the kernel.org kernel?
I must admit that there have been, to my knowledge, no fewer security
holes in the upstream kernel than the Debian tree, and they are fixed
quite promptly - often faster than a new upstream release kernel comes
out...
Certainly, it seems unfounded to state that the Debian kernels are less
well secured than the upstream kernel -- especially in view of the
development policy that has distributions like Debian responsible for
the final stabilization of the kernel code...
> 2. Using patches against the Debian kernel tree is an even worse idea, you
> never know what kind of doors you will open. It's true there are patches
> out there for the Debian source trees, but these are the exception not the
> rule.
The majority of patches for the upstream tree apply to the Debian tree,
and a reasonable number are already packaged and maintained for Debian.
Daniel
--
Among those whom I like, I can find no common denominator,
but among those whom I love, I can: all of them make me laugh.
-- W.H. Auden