lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080213004951.GA29524@1wt.eu>
Date:	Wed, 13 Feb 2008 01:49:51 +0100
From:	Willy Tarreau <w@....eu>
To:	Tomasz Chmielewski <mangoo@...g.org>
Cc:	LKML <linux-kernel@...r.kernel.org>, wferi@...f.hu
Subject: Re: currently active Linux kernel versions

On Tue, Feb 12, 2008 at 11:37:14PM +0100, Tomasz Chmielewski wrote:
> Wagner Ferenc wrote:
> 
> >which are the "currently active Linux kernel versions" at any point in
> >time?  The quote is taken from http://lkml.org/lkml/2008/2/11/29.
> >Or more precisely: which are the "stable" versions I can depend on for
> >a more or less critical server, those that have active security
> >support or receive at least critical bugfixes?  I know about the
> >2.6.2[34].y stable git trees, but I wonder how long will those receive
> >attention (that is, security fixes).  Can I find a written policy
> >somewhere?
> 
> I would say:
> 
> a) the kernel your distro provides,

OK for this one

> b) if you're not using a kernel provided by your distribution, the 
> newest kernel from kernel.org

Hummm... he said "a more or less critical server, those that have active
security support or receive at least critical bugfixes". So he does not
want surprizes :-)

> (there are some older, still maintaned kernels with security fixes, too).

I would suggest stable - N-1 for most usages. 2.6.24.y is open, 2.6.23.y is
supposed to be good. The advantage when you proceed like this is that you
can jump from an older kernel to a more recent one which has already got its
share of fixes and is still maintained for some time.

Generally, I would trust Greg when he drops an old kernel, it means that he's
confident enough in the next one.

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ