Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] Vanilla sources
Date: Sat, 04 Jan 2020 20:39:58
Message-Id: CAGfcS_nNXA6c=-xwhJ8VS9v5-E-Bj+G0pb8KMOSgXce5vW3YeA@mail.gmail.com
In Reply to: Re: [gentoo-dev] Vanilla sources by Christopher Head
1 On Sat, Jan 4, 2020 at 3:13 PM Christopher Head <chead@×××××.ca> wrote:
2 >
3 >
4 > Of course this would be a bad argument if V-S were lagging behind upstream significantly, and it’s a much better argument for packages that come with expectations of security team support than those that don’t, but it is something to consider.
5 >
6
7 This was my main concern when it was mentioned that it wasn't
8 security-supported.
9
10 If it is always up-to-date that definitely helps mitigate things.
11 Though, there should definitely be some kind of warning on the package
12 that it isn't security supported. Even if it is up to date it won't
13 get GLSAs and GLSA-checker won't work. Though, that really only makes
14 a difference insofar as the GLSAs are also timely.
15
16 In any case, if the just-announced distribution kernel project takes
17 off and remains active I could easily see that becoming the most
18 commonly used kernel option. I'm not knocking minimal kernels but I
19 suspect a LOT of users are going to be well-served by a modular kernel
20 that just works 99% of the time.
21
22 --
23 Rich