On 04/17/2013 01:22 PM, Kevin Chadwick wrote:
Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter).This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure!If you use a minimal config then I could believe that but bear in mind Linus famous words of "a bugs a bug". Having looked for security issues in a timely manner myself and having heard someone being very vocal about a security related too like polkit having had atleast one security bug fixed silently. I would still update. I wondered about ksplice once but I believe security restrictions, perhaps grsecurity prevented it from being used which made sense to me. OpenBSD has only had something like two holes in over a decade which is nice for uptime.
If i am not mistaken, The OpenBSD Team recommends a clean installation every 6 month.