On 04/19/10 13:16, Ed W wrote:
> I guess others will disagree, but I have never been a huge fan of the
> kernel ebuilds. I'm just not clear what they buy you over downloading
> and compiling your own? I think there are a few extra patches in the
> case of gentoo-sources, but that seems to be about it?
>
> If you don't yet have an alternative in place then my choice is for the
> vserver+grsec patches that you can grab from the linux-vserver.org site
> and this gives you a very easy way to set up chroot style jails with
> lightweight virtualisation, plus all the grsec patches. If you just want
> Pax then it's a fast moving target and you are best to grab and patch
> your own kernel anyway, and don't forget to keep an archive of pax
> patches used since they don't archive them on the site (annoying if you
> are trying to diff the diff or whatever)
>
> I realise everyone has different needs, but perhaps try pulling your own
> kernel down and applying your own patches - I think it's about easier to
> maintain in most cases?

* The ebuilds for e.g. hardened-sources do all the patching for you,
  which is nice.

* The fact that the kernel shows up in emerge output reminds me to
  compile a new one.

* If a kernel is marked stable in Portage, it means that test dummies
  have been running it for a while and they survived. It also means
  no bugs were reported regarding integration with other in-tree
  packages.

* Other packages in portage can require certain (versions of) kernels.
  If you compile your own, Portage doesn't know about it. Easy enough
  to fix via package.provided, but still a mild headache, especially if
  we're talking about a large number of machines.

That's all I got.