1 |
On Sat, Jan 4, 2020 at 3:13 PM Christopher Head <chead@×××××.ca> wrote: |
2 |
> |
3 |
> |
4 |
> Of course this would be a bad argument if V-S were lagging behind upstream significantly, and it’s a much better argument for packages that come with expectations of security team support than those that don’t, but it is something to consider. |
5 |
> |
6 |
|
7 |
This was my main concern when it was mentioned that it wasn't |
8 |
security-supported. |
9 |
|
10 |
If it is always up-to-date that definitely helps mitigate things. |
11 |
Though, there should definitely be some kind of warning on the package |
12 |
that it isn't security supported. Even if it is up to date it won't |
13 |
get GLSAs and GLSA-checker won't work. Though, that really only makes |
14 |
a difference insofar as the GLSAs are also timely. |
15 |
|
16 |
In any case, if the just-announced distribution kernel project takes |
17 |
off and remains active I could easily see that becoming the most |
18 |
commonly used kernel option. I'm not knocking minimal kernels but I |
19 |
suspect a LOT of users are going to be well-served by a modular kernel |
20 |
that just works 99% of the time. |
21 |
|
22 |
-- |
23 |
Rich |