| 1 |
Am Freitag 28 November 2008 09:41:55 schrieb ext Thanasis: |
| 2 |
|
| 3 |
> Regarding kernel maintenance, mostly from the point of view of security, |
| 4 |
> which is the best way to go: |
| 5 |
> 1) Having gentoo-sources in /var/lib/portage/world, which would mean the |
| 6 |
> sources would be upgraded whenever portage marks a newer version as |
| 7 |
> stable (provided someone follows stable)? |
| 8 |
> 2) Not having gentoo-sources in /var/lib/portage/world, which would mean |
| 9 |
> the sources would be upgraded only as a dependency for some other |
| 10 |
> package (which is quite improbable/rare)? |
| 11 |
> |
| 12 |
> (or, I may be missing something :-) ) |
| 13 |
|
| 14 |
Yes. Having the _sources_ upgraded doesn't gain you anything. You have to |
| 15 |
actually compile a new kernel from them and reboot the system with that new |
| 16 |
kernel. Do you do this right after every kernel source update? I don't. I only |
| 17 |
do this when it's possible to reboot the machine. |
| 18 |
|
| 19 |
That's the reason why I don't care kernel source upgrades via package manager |
| 20 |
on any system. Only when it's possible to reboot the machine, I update the |
| 21 |
kernel sources via git (much faster than installing a complete package), build |
| 22 |
the new kernel and eventually update all out-of-tree modules via |
| 23 |
portage/paludis beforehand. |
| 24 |
|
| 25 |
HTH... |
| 26 |
|
| 27 |
Dirk |
| 28 |
-- |
| 29 |
Dirk Heinrichs | Tel: +49 (0)162 234 3408 |
| 30 |
Configuration Manager | Fax: +49 (0)211 47068 111 |
| 31 |
Capgemini Deutschland | Mail: dirk.heinrichs@×××××××××.com |
| 32 |
Wanheimerstraße 68 | Web: http://www.capgemini.com |
| 33 |
D-40468 Düsseldorf | ICQ#: 110037733 |
| 34 |
GPG Public Key C2E467BB | Keyserver: wwwkeys.pgp.net |
Archives