Re: Kernel upgrades = security upgrades - a possible solution?
Quoting Marcin Owsiany (porridge@pandora.info.bielsko.pl):
> On Wed, Sep 29, 1999 at 05:24:54PM +0300, Martin Fluch wrote:
> > On Wed, 29 Sep 1999, Marcin Owsiany wrote:
> >
> > > I guess this kind of kernel packages would be for people quite concerned
> > > about security but also quite lazy :)
> >
> > I guess, this is mutual exclusive. People which are lazy will leave many
> > (and I think also bigger) security holes some where else on the system, so
> > that it won't matter, if you keep your kernel that much secure...
>
> well, yes you are right.
> :)
> I guess i didn't really think of it before writing :(
>
> > > Also if you administer a lot of boxes, and if they work ok with the default
> > > kernel you will find it _a lot_ more convenient to automatically upgrade
> > > kernel than to compile it for each box...
> >
> > Ever considerd the package 'kernel-package'. This makes out of any kernel
> > source debian packages, which then can be installed with dpkg, apt-get or
> > what ever ...
>
> sure, since i had discovered it, i've never made a kernel without using it.
> But still you have to make the kernel, and if you compile it, you can't
> resist tweaking it to each particular system's needs, can you? :)
But this is where modules can help you. I have several machines that
need slightly different configurations because they have different
built-in sound mobos. I compile the kernel on one of them but with all
the modules I need. Then I fine tune /etc/modules for soundcard, ppa,
joystick etc.
But I think that the separation of kernel and distribution is a valuable
property of linux and should be preserved at all costs. Otherwise there
is the temptation to introduce subtle dependencies between them, which
increases complexity and decreases robustness.
On a slightly different but related tack, now that NT is an
Intel-only OS, how long before Intel architecture specific code
creeps into the kernel. How hard will it be to extract those
dependencies when transferring it to a new platform.
Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
Reply to: