
Re: Kernel upgrades = security upgrades - a possible solution?



Quoting Marcin Owsiany (porridge@pandora.info.bielsko.pl):
> On Wed, Sep 29, 1999 at 05:24:54PM +0300, Martin Fluch wrote:
> > On Wed, 29 Sep 1999, Marcin Owsiany wrote:
> > 
> > > I guess this kind of kernel packages would be for people quite concerned
> > > about security but also quite lazy :)
> > 
> > I guess this is mutually exclusive. People who are lazy will leave many
> > (and I think also bigger) security holes somewhere else on the system, so
> > that it won't matter if you keep your kernel that much secure...
> 
> well, yes you are right.
> :)
> I guess I didn't really think of it before writing :(
> 
> > > Also if you administer a lot of boxes, and if they work ok with the default
> > > kernel you will find it _a lot_ more convenient to automatically upgrade
> > > kernel than to compile it for each box...
> > 
> > Ever considered the package 'kernel-package'. This makes out of any kernel
> > source Debian packages, which then can be installed with dpkg, apt-get or
> > whatever ... 
> 
> sure, since I had discovered it, I've never made a kernel without using it.
> But still you have to make the kernel, and if you compile it, you can't
> resist tweaking it to each particular system's needs, can you? :)

But this is where modules can help you. I have several machines that
need slightly different configurations because they have different
built-in sound mobos. I compile the kernel on one of them but with all
the modules I need. Then I fine tune /etc/modules for soundcard, ppa,
joystick etc.

But I think that the separation of kernel and distribution is a valuable
property of linux and should be preserved at all costs. Otherwise there
is the temptation to introduce subtle dependencies between them, which
increases complexity and decreases robustness.

On a slightly different but related tack, now that NT is an
Intel-only OS, how long before Intel architecture specific code
creeps into the kernel? How hard will it be to extract those
dependencies when transferring it to a new platform?

Cheers,

-- 
Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.

