lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706271154.25907.alan@linuxholdings.co.za>
Date:	Wed, 27 Jun 2007 11:54:25 +0200
From:	Alan McKinnon <alan@...uxholdings.co.za>
To:	linux-kernel@...r.kernel.org
Subject: Re: Please release a stable kernel Linux 3.0

On Wednesday 27 June 2007, Zoltán HUBERT wrote:

> If I have to rely on the distribution to help me it spoils
> the whole benefit of open source. I don't trust Novell or
> RedHat or Google more than Microsoft or Apple. You "kernel
> developpers" are the keepers of the flame.

You seem to misunderstand kernel development. You also seem to expect a 
lot from something that is gifted to you gratis.

These nice people at kernel.org have never claimed that they will 
support older kernel versions. What they have said is that the -stable 
team currently publish 2.6.20 and 2.6.21 while Adrian Bunk is doing his 
thing with 2.6.16. As for back-porting new stuff into old kernels, 
that's the distro's job. If you don't trust the distro, then get one 
you do trust. If you trust none of them, then can I suggest you use the 
one resource you *can* trust - yourself?

*That* is the "whole benefit of open source" - you get to do it yourself 
if you choose to/need to

[snip]

> I don't remember how it was during 2.4 and before, but I
> find it very suspicious that SuSE and RedHat only provide
> 2.6.10 and 2.6.9 for their OS. It looks as if THEY didn't
> trust 2.6.x to be a replacement to 2.6.y

No, it means they chose 2.6.whatever for a specific version of their OS 
and they maintain that kernel series to fit that OS.

They also do not take any arb new glibc version and stick that into the 
OS either, because that breaks stuff. But I don't see you complaining 
about that.

> And as I understand it, this is (was ?) the whole point of
> stable/development kernels. "We" can trust a newer stable
> kernel to be a drop-in replacement for an older stable
> kernel (from the same series), while development kernels
> need time to stabilise with the new whizz-bang-pfouit stuff
> that you all so nicely add.

That might have been the case in the 2.4 era, but it's not the case now. 
It changed early on in the 2.6 series and it was changed for very sound 
engineering reasons. Put simply - a stable/dev scenario just didn't 
work and there was way tooo much work for way too little gain.

Distros themselves are the best resource to supply stable kernels, 
because they have been doing that anyway for a long time now.


alan


-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ