1 |
Am Freitag 28 November 2008 09:41:55 schrieb ext Thanasis: |
2 |
|
3 |
> Regarding kernel maintenance, mostly from the point of view of security, |
4 |
> which is the best way to go: |
5 |
> 1) Having gentoo-sources in /var/lib/portage/world, which would mean the |
6 |
> sources would be upgraded whenever portage marks a newer version as |
7 |
> stable (provided someone follows stable)? |
8 |
> 2) Not having gentoo-sources in /var/lib/portage/world, which would mean |
9 |
> the sources would be upgraded only as a dependency for some other |
10 |
> package (which is quite improbable/rare)? |
11 |
> |
12 |
> (or, I may be missing something :-) ) |
13 |
|
14 |
Yes. Having the _sources_ upgraded doesn't gain you anything. You have to |
15 |
actually compile a new kernel from them and reboot the system with that new |
16 |
kernel. Do you do this right after every kernel source update? I don't. I only |
17 |
do this when it's possible to reboot the machine. |
18 |
|
19 |
That's the reason why I don't care kernel source upgrades via package manager |
20 |
on any system. Only when it's possible to reboot the machine, I update the |
21 |
kernel sources via git (much faster than installing a complete package), build |
22 |
the new kernel and eventually update all out-of-tree modules via |
23 |
portage/paludis beforehand. |
24 |
|
25 |
HTH... |
26 |
|
27 |
Dirk |
28 |
-- |
29 |
Dirk Heinrichs | Tel: +49 (0)162 234 3408 |
30 |
Configuration Manager | Fax: +49 (0)211 47068 111 |
31 |
Capgemini Deutschland | Mail: dirk.heinrichs@×××××××××.com |
32 |
Wanheimerstraße 68 | Web: http://www.capgemini.com |
33 |
D-40468 Düsseldorf | ICQ#: 110037733 |
34 |
GPG Public Key C2E467BB | Keyserver: wwwkeys.pgp.net |