Linux-fight! Dev's plan to bundle kernel patches sparks debate

Linux developer Sasha Levin has kicked off a project in which he proposes gathering up kernel security fixes under a single tree. The rationale behind the “Linux-stable security tree project”, he explains, is that sysadmins in large, complex deployments find following kernel upgrades daunting. “Quite a few users of the …

  1. Anonymous Coward
    Trollface

    You know it's true!

    Linux debates are the most vicious and bitter on the web, precisely because the stakes are so low.

    1. James 51

      Re: You know it's true!

      Given the number of servers and other devices that run some flavour of Linux the stakes are far from low.

    2. sabroni Silver badge
      Happy

      Re: You know it's true!

      Quality troll JJ!! The freetards really can't take a joke.....

      1. kryptylomese

        Re: You know it's true!

        Clearly, the imprisonedtards know as much about "quality" humour as they do technology.....

  2. Harry Kiri

    Good on him

    I like the 'it's your fault if the update process can't handle things'.

    I've seen multiple kernel updates in one week. It's lucky that IT support are sitting around waiting for this to happen, implement system-wide regression tests on the test system before system-wide roll-out which naturally will be faultless.

    Still the proof of the pudding is in how many people will sign up and drag down his feed. Good luck to him for making other people's lives easier.

    1. NinjasFTW

      Re: Good on him

      The update process should be able to handle this unless you're saying that you think security only patches will follow a different process without regression tests etc.

      I guess if you have an emergency patching procedure that skips or reduces the amount of regression testing done then it would be beneficial to be able to only update the security fix in question.

      Testing bandwidth is one of the biggest constraints that I have to deal with so I do get the appeal of only deploying kernel patches when they are needed but for us they would still need to follow the exact same path as the standard update process

      1. Anonymous Coward

        Re: Good on him

        "Testing bandwidth is one of the biggest constraints that I have to deal with so I do get the appeal of only deploying kernel patches when they are needed but for us they would still need to follow the exact same path as the standard update process"

        It's kinda nuts that all over the world there are sysadmins all doing a lot of regression testing on the same code. Smacks of duplication of effort. Anything that can help improve that situation is indeed a good thing and knocks another few dimes out of Microsoft's old Total Cost of Ownership argument.

        WRT the fuss on the Linux mailing list, it is bizarre why anyone would even dream of slagging the effort. All he's doing is exercising the rights granted by the GPL in a way that some (or indeed, quite a lot) people will find useful. They're probably angry that someone has effectively pointed out that the Linux dev community has not always been as universally useful as they'd like to believe.

        1. FIA Silver badge

          Re: Good on him

          WRT the fuss on the Linux mailing list, it is bizarre why anyone would even dream of slagging the effort. All he's doing is exercising the rights granted by the GPL in a way that some (or indeed, quite a lot) people will find useful.

          You've got to be very careful when messing around with religion, even branches of the same religions can often not see eye to eye. ;)

          1. sabroni Silver badge
            Thumb Up

            Re: All he's doing is exercising the rights granted by the GPL

            Microsoft have been doing quite a bit of that too recently. So maybe there is hope for the year of the Linux desktop!!!

    2. allthecoolshortnamesweretaken

      Re: Good on him

      No good deed goes unpunished, ever.

    3. Alistair
      Coat

      Re: Good on him

      @ Harry

      "Test System"

      You have A test system?

      I have 7. I need 120.

      Sorry, mine's the one with "Git bisecting for dummies" in the pocket.

    4. thames

      Re: Good on him

      @Harry Kiri - This will have nothing to do with people who do IT support. People running IT systems get their kernels from their distros, not direct from the kernel developers. The people this will affect are Linux distros, hardware manufacturers who create their own embedded kernels, and hobbyists who see rolling their own as a recreational activity.

      This may benefit some of the smaller distros who ship more or less vanilla kernels, but if you're using something like RHEL, Ubuntu, or SUSE, their kernels tend to have so much out of tree and back-ported stuff that they need their own internal tracking systems anyway.

      This has been talked about for years. The main reason why most kernel developers aren't much interested in doing it is that they see making these sorts of decisions as being the job of a distro. A vuln that affects Red Hat may not affect Ubuntu, or vice versa even if they are both theoretically using the same kernel version.

      I don't know the background of the person behind this latest effort, but in the past the proposals seem to have mainly come from small security companies who offer "extra hardened" kernels (not everyone agrees these address genuine needs) who found that keeping track of patches and updates took a lot more resources than their business plan allowed for, and were looking to get the kernel devs to do it for them. I suspect that this effort will run out of steam eventually.

      Long story short, if you're running a standard distro such as Ubuntu, the distro team already looks after this for you and it won't make any difference.

  3. Pseudonymous Diehard

    Here we go

    Come on $bsd_os users throw your hat in. We're waiting.

  4. Destroy All Monsters Silver badge

    This is why Change Management exists

    Agile? Not so much.

    At one point, falling downstairs has to stop. Show me the patch state!

  5. EnviableOne

    Makes sense, there are orgs that only patch windows sec updates

  6. hailbaal

    Please stop reading their mailing list

    You are reading the Kernel mailing list. Do you know why those debates get so heated? Why Linus is shouting at people and calling names? Because they only do that to the people they know in real life. If I was a friend of Linus he would say my code is bad and I should feel bad and I couldn't be upset because he is my friend. Same thing for the rest of these conversations. There is absolutely no reason at all why "The Register" which is a bit like the funny pages of the IT news, should look at that mailing list. Yes, it's open, yes, everyone can read it, but you shouldn't grab some e-mails about people who really want to improve something and send that to their friends and make an article about it. It's a terrible thing to do and far from newsworthy. This has no impact on the IT world, has no impact on the Linux Kernel project, no impact on anyone involved, yet you make a news article, just to attract some viewers. I came here because of another RSS feed that pointed me here.

    1. Anonymous Coward

      Re: Please stop reading their mailing list

      You are asking us to stop being tech journalists. What a peculiar request.

      1. akeane

        Re: Please stop reading their mailing list

        >>>You are asking us to stop being tech journalists. What a peculiar request.

        It would be nice if you could *start* being "journalists" ...

        How's that diminishing ad revenue working out?

    2. Fibbles

      Re: Please stop reading their mailing list

      I think your point about context is interesting; that maybe the Reg shouldn't portray two friends having a dig at each other as a massive argument at the heart of the Linux project. I wouldn't hold my breath though, no news org is above clickbait. That said, you can't expect the Reg not to report something from an open mailing list when it's likely of interest to a lot of their readers. It's their job to report this stuff.

    3. NotBob
      Stop

      Re: Please stop reading their mailing list

      Wait, so it's okay for me to shout and call people names and make a tool of myself (as Linus does in your example) so long as I do it in my condo. People who hear the shouty-shouty through the open window are in the wrong, as is anyone who repeats what I said...

      It's a public list. When posts are made the posters (should) know their words are public. Perhaps that's why some act so immature.

  7. Mike 16

    Just like Western Civilization

    I think this would be an excellent idea. For _all_ OSes.

    As a mostly Mac OSX user (with a smattering of FreeBSD, Windows Server, QNX, and the odd Xinu box) I would _LOVE_ to be able to trust that a "security update" was really about security, not some "This patch closes a vulnerability that can be exploited by any local user in physical possession of the machine who has connected a Morse key to it and can key in the lyrics to Louie Louie at > 35 WPM. It also defaults the keyboard handler to sending every keystroke to our servers so we can improve the relevance of the suggestion for purchased videos and creates a hidden task to reset to that default if you should be so presumptuous to change it" (Phrased differently, but that's the Truth in Advertising version).

    So far both OSX and Windows have been mostly that sort of "vital upgrade"

    1. thames

      Re: Just like Western Civilization

      In the Linux world, this is one of the main jobs of the distros. If you want a "security update only" distro, then just pick something like Debian Stable or RHEL. This is what they do.

      If you're downloading source code direct from the development servers and compiling and installing your own kernels, then yes, you're going to be getting a lot of changes for things you don't want. Not to mention a shed load of code for things like mobile phones, supercomputers, DSLR cameras, network switches, and everything else you can imagine. This is why most people don't roll their own distro from scratch direct from the various development servers scattered all over the Internet, they use one of the standard ones from a distro. Only a very, very, tiny percentage of Linux users have ever compiled their own kernel.

      I doubt that things are much different at Microsoft or Apple. It's just that with Linux, you can read all of their "internal" emails and get copies of their development servers without having to worry about getting your collar felt by the police.

  8. Chika
  9. EJ

    Remember the days when we believed Linux and open source were the paths to security? Oh, we were so full of hope back then...
