Hello,
looking at the recent vanilla changes, there seems to be rather rapid
development at the moment ;-) and I have to confess that I lost the
overview of which sec-holes affect Debian and which don't.
I was frightened recently, when I noticed that 2.4.27 was fixing
some CVE-2004 stuff other a month ago as well as 2.6.
Just take a look at CVE-2004-1017. It was fixed in Red Hat in January
2005 and fixed in Debian in March 2006.
Therefore I suspect that the Debian kernel does have some security flaws
fixed in the mainline kernel months ago. Am I wrong here?
This takes me to a difficult point:
- I can run 2.4 on my servers, which is considered to be deprecated for
etch.
- I can use the Debian kernels and risk being compromised.
- I can say goodbye to Linux and use Debian/kBSD.
- I can use my own vanilla builds, building a new kernel every day.
(Looking at the amount of patches since April 12th.)
Anyway, what do you recommend?
And is there any public status / shape information on the Debian kernels?