| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Mar 2010 14:48:13 +0100 From: Ingo Molnar <mingo@...e.hu> To: "Frank Ch. Eigler" <fche@...hat.com> Cc: Avi Kivity <avi@...hat.com>, Alexander Graf <agraf@...e.de>, Anthony Liguori <anthony@...emonkey.ws>, "Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Sheng Yang <sheng@...ux.intel.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, Marcelo Tosatti <mtosatti@...hat.com>, oerg Roedel <joro@...tes.org>, Jes Sorensen <Jes.Sorensen@...hat.com>, Gleb Natapov <gleb@...hat.com>, Zachary Amsden <zamsden@...hat.com>, ziteng.huang@...el.com, Arnaldo Carvalho de Melo <acme@...hat.com>, Fr?d?ric Weisbecker <fweisbec@...il.com> Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single project * Frank Ch. Eigler <fche@...hat.com> wrote: > Hi - > > > > > [...] > > > > Distributions are very eager to update kernels even in stable periods of the > > > > distro lifetime - they are much less willing to update user-space packages. > > > > [...] > > > > > > Sorry, er, what? What distributions eagerly upgrade kernels in stable > > > periods, were it not primarily motivated by security fixes? [...] > > > > Please check the popular distro called 'Fedora' for example > > I do believe I've heard of it. According to fedora bodhi, there have > been 18 kernel updates issues for fedora 11 since its release, of > which 12 were for purely security updates, and most of the other six > also contain security fixes. None are described as 'enhancement' > updates. Oh, what about fedora 12? 8 updates total, of which 5 are > security only, one for drm showstoppers, others including security > fixes, again 0 tagged as 'enhancement'. > > So where is that "eagerness" again?? My sense is that most users are > happy to leave a stable kernel running as long as possible, and > distributions know this. You surely must understand that the lkml > demographics are different. > > > and its kernel upgrade policies. > > [citation needed] You are quite wrong, despite the sarcastic tone you are attempting to use, and this is distro kernel policy 101. For distros such as Fedora it's simpler to support the same kernel version across many older versions of the distro than having to support different kernel versions. Check Fedora 12 for example. Four months ago it was released with kernel v2.6.31: http://download.fedora.redhat.com/pub/fedora/linux/releases/12/Fedora/x86_64/os/Packages/kernel-2.6.31.5-127.fc12.x86_64.rpm But if you update a Fedora 12 installation today you'll get kernel v2.6.32: http://download.fedora.redhat.com/pub/fedora/linux/updates/12/SRPMS/kernel-2.6.32.9-70.fc12.src.rpm As a result you'll get a new 2.6.32 kernel on Fedora 12. The end result is what i said in the previous mail: that you'll get a newer kernel even on a stable distro - while user-space packages will only be updated if there's a security issue (and even then there's no version jump like for the kernel). > > > [...] What users eagerly replace their kernels? > > > > Those 99% who click on the 'install 193 updates' popup. > > That's not "eager". That's "I'm exasperated from guessing what's really > important; let's not have so many updates; meh". Erm, fact is, 99% [WAG] of the users click on the update button and accept whatever kernel version the distro update offers them. Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists