From: Kerin Millar <kerframil@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] Re: kernel no longer in hardened-development overlay?
Date: Tue, 20 Apr 2010 13:36:08 +0100
Message-ID: <hqk73p$2ts$1@dough.gmane.org>
In-Reply-To: <x2g44a1f4d21004191643l6ed16d04yfb5eb600a8a87b1a@mail.gmail.com>

On 20/04/2010 00:43, Mansour Moufid wrote:
> On Mon, Apr 19, 2010 at 7:24 PM, Ed W<lists@wildgooses.com> wrote:
>> Can we please avoid annoying the few developers we have working on hardened.
>
> I didn't mean to come off as critiquing anyone. I am a fan of the
> Gentoo Hardened and Security projects. I was only stating my
> impressions.
>
>> I would also disagree that there are some big vulnerabilities just because
>> your "stable" kernel is older. Personally I prefer to stay a little more up
>> to date, but I think there are a good many Redhat and Centos servers running
>> much older kernels than that...

Except that they don't use vanilla kernels and invest considerable
resources into the process of continually backporting fixes into their
respective patchsets, both security related and otherwise. RHEL has a
7-year life cycle during which introducing any potentially breaking
changes in the kernel (or changes that may have an adverse impact on
userspace) is simply out of the question.

>
> I disagree. That is a dangerous assertion. It is no secret that most
> vulnerabilities in Linux are fixed silently, without ever being
> reported as such. Hence why older kernels are more vulnerable. As for
> RedHat and CentOS:

Indeed. I believe that we'll be seeing a GLSA in the not-too-distant
future which settles this argument beyond any doubt.

Cheers,

--Kerin