From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-181806-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 0412A1382C5
	for <garchives@archives.gentoo.org>; Fri,  5 Jan 2018 12:34:34 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CE9B9E0D4C;
	Fri,  5 Jan 2018 12:34:26 +0000 (UTC)
Received: from pmta11.teksavvy.com (pmta11.teksavvy.com [76.10.157.34])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 7CF44E0D45
	for <gentoo-user@lists.gentoo.org>; Fri,  5 Jan 2018 12:34:26 +0000 (UTC)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2EgEwDBb09a/02Ps2tdHQEBBQELAYM+g?=
 =?us-ascii?q?VoniSKGB44UAYI0AZkLHYUiBAIChDNEFAEBAQEBAQEBAQNoKIUlBjocMwshExI?=
 =?us-ascii?q?PBSU3ii+ydoo7ATGEFIJpgQKFF4MwgjqCfII0BYpIiHCQJAKCQZJsgguKDhqHY?=
 =?us-ascii?q?JhPNiOBUHwIgmeEdSM3iVoBAQE?=
X-IPAS-Result: =?us-ascii?q?A2EgEwDBb09a/02Ps2tdHQEBBQELAYM+gVoniSKGB44UAYI?=
 =?us-ascii?q?0AZkLHYUiBAIChDNEFAEBAQEBAQEBAQNoKIUlBjocMwshExIPBSU3ii+ydoo7A?=
 =?us-ascii?q?TGEFIJpgQKFF4MwgjqCfII0BYpIiHCQJAKCQZJsgguKDhqHYJhPNiOBUHwIgme?=
 =?us-ascii?q?EdSM3iVoBAQE?=
X-IronPort-AV: E=Sophos;i="5.46,318,1511845200"; 
   d="scan'208";a="17420167"
Received: from 107-179-143-77.cpe.teksavvy.com (HELO waltdnes.org) ([107.179.143.77])
  by smtp.teksavvy.com with SMTP; 05 Jan 2018 07:34:24 -0500
Received: by waltdnes.org (sSMTP sendmail emulation); Fri, 05 Jan 2018 07:34:22 -0500
From: "Walter Dnes" <waltdnes@waltdnes.org>
Date: Fri, 5 Jan 2018 07:34:22 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: old kernels are installed during the upgrade
Message-ID: <20180105123422.GA22675@waltdnes.org>
References: <2CA973AB-B583-4F4F-A0B3-0FE347A672BD@stellar.eclipse.co.uk>
 <v56the-5ek.ln1@hurikhan77.spdns.de>
 <CAGfcS_nwSFyOxwQVs31=PWs0=Qk-Zuj7fv2u3YG1P5dxtnYCHg@mail.gmail.com>
 <CAC=wYCEG10Cucgpv_9chuLr4cBJHYgkwDy8-hX2bmYyho=TtWw@mail.gmail.com>
 <5A4D3E92.5010908@youngman.org.uk>
 <CAGfcS_ng-iEZMTAEV0PCimK6v=nD3jDkfdVJCme24=0nggPS2Q@mail.gmail.com>
 <pan$4131b$60b7adde$c92b847e$11433c3e@applied-asynchrony.com>
 <CAGfcS_=JHn_ZQVbKwH1DHGVRfwyBJL+gXsF3g8=4Lk4mUhWHcQ@mail.gmail.com>
 <20180105021217.GA19977@waltdnes.org>
 <CAGfcS_=YJCLuL-wYABWZP_uvyvtgfNccj60PfFbBc6qFSddBRw@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGfcS_=YJCLuL-wYABWZP_uvyvtgfNccj60PfFbBc6qFSddBRw@mail.gmail.com>
User-Agent: Mutt/1.7.2 (2016-11-26)
X-Archives-Salt: 27bfb2ba-ff3b-4c74-91fc-0e7d359cc47f
X-Archives-Hash: a0479bb63b7a08fe1caa6545fc05b1a0

  The most heavily exposed application will be your web browser.  It
runs various foreign code directly on your machine...

* web assembler
* java
* javascript
* ecmascript (part of Adobe Flash)

  I wonder if it's possible to compile a web browser with protection
against the exploits, but turn it off for other apps.  That would
protect against external attacks, while not hurting local app speed.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications