Re: Kernel upgrades = security upgrades - a possible solution?
On Tue, Sep 28, 1999 at 09:41:26PM -0500, Ashley Clark wrote:
> On Tue, 28 Sep 1999, Marcin Owsiany wrote:
> > the way to solve the problem would be to create a package called e.g.
> > "secure-kernel", which would depend on the most secure "kernel-image-<ver>".
> > Then if the security team has newer kernel with security bugfixes, they
> > would make a new version of "secure-kernel" which would depend on the fixed
> > kernel.
>
> I, for one, wouldn't want my kernel upgraded automatically, no matter
> what the fixes involved are. Here's why: I have compiled my own
> kernel with my hardware selected (sound, tape drive, scsi card,
> network card) and Debian simply can't afford to make all possible
> combinations of kernel configurations to provide an easy upgrade path
> for users. Now, possibly there could be some kind of secure-kernel
> package which would do nothing more than simply inform you during
> upgrade that a newer kernel with such-and-such security patches is
> available and recommend how to upgrade, that's seems more reasonable
> to me at least.
That is the point of this idea. If you want your kernel to be upgraded
automatically, you install secure-kernel, if you only want to be informed,
you install secure-kernel-info, if you don't care at all, you instal
neither.
regards
Marcin
--
---------------------------------
Marcin Owsiany
porridge@pandora.info.bielsko.pl
---------------------------------
Reply to: