
Re: root compromise on debian woody



On Fri, May 27, 2005 at 10:54:02AM +0800, Robert Vangel wrote:
> Roberto C. Sanchez wrote:
> 
> >As far as the kernel, even Linus Torvalds himself, IIRC, has stated that
> >running kernels from kernel.org is not a good idea unless, 1) you are
> >testing the kernel and/or developing on it, or 2) you are absolutely
> >100% certain that you know exactly what you are doing and the
> >ramifications of that.  Don't forget, that on many occasions, the
> >release versions of the kernel have security vulnerabilities in them that
> >are only fixed in daily snapshots and won't become officially available
> >until the next release.
> 
> I take a vanilla, then apply the debian patches I want then do it myself. I 
> choose to do this because it means I can take everything I am not going to need 
> out of it.

As long as you make a conscious decision to do this.  Unfortunately, many
people go out and grab some package from the upstream site and then
think that the security updates will roll in along with all the other
apt-get stuff.  They won't, but then you understand that.  Personally, I
roll my own kernel, but I choose the Debian kernel-source-* packages for
that.  Then I don't need to remember to personally keep such close track
of the security vulnerabilities.  I still track them, but I realize that
when fixes become available, I will see them in the new kernel-source
packages that come down.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
