| 1 |
On Mon, Apr 19, 2010 at 7:24 PM, Ed W <lists@××××××××××.com> wrote: |
| 2 |
> Can we please avoid annoying the few developers we have working on hardened. |
| 3 |
|
| 4 |
I didn't mean to come off as critiquing anyone. I am a fan of the |
| 5 |
Gentoo Hardened and Security projects. I was only stating my |
| 6 |
impressions. |
| 7 |
|
| 8 |
> I would also disagree that there are some big vulnerabilities just because |
| 9 |
> your "stable" kernel is older. Personally I prefer to stay a little more up |
| 10 |
> to date, but I think there are a good may Redhat and Centos servers running |
| 11 |
> much older kernels than that... |
| 12 |
|
| 13 |
I disagree. That is a dangerous assertion. It is no secret that most |
| 14 |
vulnerabilities in Linux are fixed silently, without ever being |
| 15 |
reported as such. Hence why older kernels are more vulnerable. As for |
| 16 |
RedHat and CentOS: |
| 17 |
|
| 18 |
``silently-fixing vulnerabilities |
| 19 |
has become standard operating procedure among the kernel developers, |
| 20 |
confusing even their own ranks as to what needs to be backported to |
| 21 |
distro kernels or the stable tree.''[1] |
| 22 |
|
| 23 |
[1] <http://milw0rm.com/exploits/9191> |
| 24 |
|
| 25 |
-- |
| 26 |
Mansour Moufid |
Archives