| 1 |
On 04/19/10 13:16, Ed W wrote: |
| 2 |
> I guess others will disagree, but I have never been a huge fan of the |
| 3 |
> kernel ebuilds. I'm just not clear what they buy you over downloading |
| 4 |
> and compiling your own? I think there are a few extra patches in the |
| 5 |
> case of gentoo-sources, but that seems to be about it? |
| 6 |
> |
| 7 |
> |
| 8 |
> If you don't yet have an alternative in place then my choice is for the |
| 9 |
> vserver+grsec patches that you can grab from the linux-vserver.org site |
| 10 |
> and this gives you a very easy way to setup chroot style jails with |
| 11 |
> lightweight virtualisation, plus all the grsec patches. If you just want |
| 12 |
> Pax then it's a fast moving target and you are best to grab and patch |
| 13 |
> your own kernel anyway, and don't forget to keep an archive of pax |
| 14 |
> patches used since they don't archive them on the site (annoying if you |
| 15 |
> are trying to diff the diff or whatever) |
| 16 |
> |
| 17 |
> |
| 18 |
> I realise everyone has different needs, but perhaps try pulling your own |
| 19 |
> kernel down and applying your own patches - I think it's about easier to |
| 20 |
> maintain in most cases? |
| 21 |
|
| 22 |
* The ebuilds for e.g. hardened-sources do all the patching for you, |
| 23 |
which is nice. |
| 24 |
|
| 25 |
* The fact that the kernel shows up in emerge output reminds me to |
| 26 |
compile a new one. |
| 27 |
|
| 28 |
* If a kernel is marked stable in Portage, it means that test dummies |
| 29 |
have been running it for a while and they survived. It also means |
| 30 |
no bugs were reported regarding integration with other in-tree |
| 31 |
packages. |
| 32 |
|
| 33 |
* Other packages in portage can require certain (versions of) kernels. |
| 34 |
If you compile your own, Portage doesn't know about it. Easy enough |
| 35 |
to fix via package.provided, but still a mild headache, especially if |
| 36 |
we're talking about a large number of machines. |
| 37 |
|
| 38 |
That's all I got. |
Archives