On 20/04/10 14:36, Kerin Millar wrote:
>>> I would also disagree that there are some big vulnerabilities just because
>>> your "stable" kernel is older. Personally I prefer to stay a little more up
>>> to date, but I think there are a good many Redhat and Centos servers running
>>> much older kernels than that...
>
> Except that they don't use vanilla kernels and invest considerable
> resources into the process of continually backporting fixes into their
> respective patchsets, both security related and otherwise. RHEL has a
> 7-year life cycle during which introducing any potentially breaking
> changes in the kernel (or changes that may have an adverse impact on
> userspace) is simply out of the question.

Kerin is very much right. The RHEL/CentOS kernels do have a lot of
backports from newer kernels. But it's not only security or bug fixes.
It's updated drivers and other hardware enablements as well, in
addition to new features. RHEL5.4 introduced fully Red Hat supported
KVM, something which was just beyond imagination when the first RHEL5
release came with 2.6.18. And it still is a 2.6.18 *based* kernel
today. But feature-wise, it's a much more modern kernel.

But in reality, it is not fair to call it a 2.6.18 kernel [1], just
because of the enormous amount of backports. And those backports are
not allowed to change kABI (kernel application binary interface, which
f.ex. glibc and all modules use) at all, so that all applications and
services which got installed when the first RHEL5.0 was
installed should still work for the next 7 years - guaranteed.

The Gentoo Hardened project will never be able to really manage that, as
Gentoo is not aiming to be an enterprise level distribution like RHEL,
CentOS or Novell SLES. So comparing the kernels between Gentoo and
enterprise Linux kernels is not a fair comparison at all.

kind regards,

David Sommerseth

[1] <http://www.channelregister.co.uk/2010/03/31/redhat_rhel_5_5/>