On Mon, Apr 19, 2010 at 7:24 PM, Ed W <lists@××××××××××.com> wrote:
> Can we please avoid annoying the few developers we have working on hardened.

I didn't mean to come off as critiquing anyone. I am a fan of the
Gentoo Hardened and Security projects. I was only stating my
impressions.

> I would also disagree that there are some big vulnerabilities just because
> your "stable" kernel is older. Personally I prefer to stay a little more up
> to date, but I think there are a good many Redhat and Centos servers running
> much older kernels than that...

I disagree. That is a dangerous assertion. It is no secret that most
vulnerabilities in Linux are fixed silently, without ever being
reported as such. Hence why older kernels are more vulnerable. As for
RedHat and CentOS:

``silently-fixing vulnerabilities
has become standard operating procedure among the kernel developers,
confusing even their own ranks as to what needs to be backported to
distro kernels or the stable tree.''[1]

[1] <http://milw0rm.com/exploits/9191>

--
Mansour Moufid