1 |
on 11/28/2008 10:53 AM Dirk Heinrichs wrote the following: |
2 |
> Am Freitag 28 November 2008 09:41:55 schrieb ext Thanasis: |
3 |
> |
4 |
> |
5 |
>> Regarding kernel maintenance, mostly from the point of view of security, |
6 |
>> which is the best way to go: |
7 |
>> 1) Having gentoo-sources in /var/lib/portage/world, which would mean the |
8 |
>> sources would be upgraded whenever portage marks a newer version as |
9 |
>> stable (provided someone follows stable)? |
10 |
>> 2) Not having gentoo-sources in /var/lib/portage/world, which would mean |
11 |
>> the sources would be upgraded only as a dependency for some other |
12 |
>> package (which is quite improbable/rare)? |
13 |
>> |
14 |
>> (or, I may be missing something :-) ) |
15 |
>> |
16 |
> |
17 |
> Yes. Having the _sources_ upgraded doesn't gain you anything. You have to |
18 |
> actually compile a new kernel from them and reboot the system with that new |
19 |
> kernel. Do you do this right after every kernel source update? |
20 |
Yes, I always try to do it. |
21 |
> I don't. I only do this when it's possible to reboot the machine. |
22 |
> |
23 |
Of course. |
24 |
> That's the reason why I don't care kernel source upgrades via package manager |
25 |
> on any system. Only when it's possible to reboot the machine, I update the |
26 |
> kernel sources via git (much faster than installing a complete package), build |
27 |
> the new kernel and eventually update all out-of-tree modules via |
28 |
> portage/paludis beforehand. |
29 |
> |
30 |
> HTH... |
31 |
> |
32 |
> Dirk |
33 |
> |
34 |
OK, I'm not acquainted with git... :-\ , but that's another subject. :-) |