On Monday, 20 December 2021 00:03:51 CET Max WillB wrote:
> 3. Inform the users that using anything but the latest version of the kernel
> (2) and other packages comes with inherent risks and explain them (delays
> in backporting fixes and known vulnerabilities not being disclosed)
>
> (2) https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html

If you (only) look through the Debian kernel bugs, you'll come across various bugs that say "It was working in version LTS-N, but it broke in LTS-N+1". So continuously updating to the latest version is anything but risk-free.

If you install a new kernel version, you must reboot. While that may not be a problem for you and me, it is a problem for systems that need to be up 24/7. A lot of people likely think "I have better things to do with my time than constantly updating my kernel and rebooting my systems".

The blog author lists various ways in which the process can be improved. The thing is that those things have been known for *decades*. Yet 'somehow' they have not been fixed. He talks rather casually about 'just throwing more resources' at the problem. Yet a massive company such as Google, with essentially unlimited resources/budgets, hasn't been able to fix it. Maybe those issues aren't as easy to fix as the author makes it seem?

And that is with the Linux kernel, which by FAR has the largest base of contributors, including companies paying people to work on it full-time. But it's still just ONE component in a computer system. For 99+% of the other components in a computer system, the chances that all the improvements mentioned in the blog are applied are essentially NULL. As much as I wish it wasn't the case, https://xkcd.com/2347/ is soo true.

Running Unstable or some rolling release has benefits. And downsides/risks. You get bug fixes first. And also new bugs.
There is a saying connected to Unstable/Sid: "If it breaks, you get to keep all pieces".

I'm pretty confident that I can recover from such issues, so I do run Sid. That way I can encounter such issues, report them and possibly help fix them, to reduce the chances that less computer-savvy persons run into them. I find Stable boring. Others RIGHTFULLY say, "boring is good".

When you look at things from a single perspective, things often seem easier than they actually are.