| 1 |
On 20/04/10 14:36, Kerin Millar wrote: |
| 2 |
>>> I would also disagree that there are some big vulnerabilities just |
| 3 |
>>> because |
| 4 |
>>> your "stable" kernel is older. Personally I prefer to stay a little |
| 5 |
>>> more up |
| 6 |
>>> to date, but I think there are a good may Redhat and Centos servers |
| 7 |
>>> running |
| 8 |
>>> much older kernels than that... |
| 9 |
> |
| 10 |
> Except that they don't use vanilla kernels and invest considerable |
| 11 |
> resources into the process of continually backporting fixes into their |
| 12 |
> respective patchsets, both security related and otherwise. RHEL has a |
| 13 |
> 7-year life cycle during which introducing any potentially breaking |
| 14 |
> changes in the kernel (or changes that may have an adverse impact on |
| 15 |
> userspace) is simply out of the question. |
| 16 |
|
| 17 |
Kerin is very much right. The RHEL/CentOS kernels do have a lot of |
| 18 |
backports from newer kernels. But it's not only security or bug fixes. |
| 19 |
It's updated drivers and other hardware enablements as well, in |
| 20 |
addition to new features. RHEL5.4 introduced fully Red Hat supported |
| 21 |
KVM, something which was just beyond imagination when the first RHEL5 |
| 22 |
release came with 2.6.18. And it still is a 2.6.18 *based* kernel |
| 23 |
today. But feature-wise, it's a much more modern kernel. |
| 24 |
|
| 25 |
But in reality, it is not fair to call it a 2.6.18 kernel [1], just |
| 26 |
because of the enormous amount of backports. And those backports are |
| 27 |
not allowed to change kABI (kernel application binary interface, which |
| 28 |
f.ex glibc and all modules uses) at all, so that all applications and |
| 29 |
services which got installed when installing the first RHEL5.0 was |
| 30 |
installed, should still work for the next 7 years - guaranteed. |
| 31 |
|
| 32 |
The Gentoo Hardened project will never be able to really manage that, as |
| 33 |
Gentoo is not aiming to be an enterprise level distribution like RHEL, |
| 34 |
CentOS or Novell SLES. So comparing the kernels between Gentoo and |
| 35 |
enterprise Linux kernels are not a fair comparison at all. |
| 36 |
|
| 37 |
|
| 38 |
kind regards, |
| 39 |
|
| 40 |
David Sommerseth |
| 41 |
|
| 42 |
|
| 43 |
[1] <http://www.channelregister.co.uk/2010/03/31/redhat_rhel_5_5/> |
Archives