| 1 |
On Sunday 08 November 2009 23:20:31 Stroller wrote: |
| 2 |
> > You really need to learn to make your own kernel. ... |
| 3 |
> |
| 4 |
> Whilst I agree in principle that a good (slim?) kernel is better and |
| 5 |
> your comments on that, I am sceptical whether the majority of people |
| 6 |
> have the knowledge to make any significant performance or security |
| 7 |
> improvements. |
| 8 |
> |
| 9 |
> AIUI the kernels shipped by distros like Red Hat, for instance, are |
| 10 |
> configured by the very people that work on and maintain the mainline |
| 11 |
> kernel tree. How can any of us simple end-users compete with that? |
| 12 |
> |
| 13 |
> I imagine it to be very easy for any of us normal people to enable or |
| 14 |
> disable options that make significant performance impact - but we |
| 15 |
> would never know it, because we're not benchtesting it or even |
| 16 |
> qualified to assess proper benchtests. |
| 17 |
> |
| 18 |
> I cannot believe that in a day you could study this subject |
| 19 |
> sufficiently to have any reasonable competence on the matter. And thus |
| 20 |
> if you do spend only a day, that's wasted time. I would add that the |
| 21 |
> kernel is evolving constantly, and in a year's time your knowledge - |
| 22 |
> and your .config - is likely to be at least somewhat outdated. |
| 23 |
> |
| 24 |
> I chose to copy the .config from Knoppix because it's easy to get hold |
| 25 |
> of that, but also because it's selected by someone who knows more than |
| 26 |
> me, and it is likely to work with any hardware I install into my |
| 27 |
> machine or connect by USB. I take Volker's point that a LiveCD .config |
| 28 |
> could be the worst possible choice so I'm open to alternatives, but |
| 29 |
> I hope those who say I should "learn to make your own kernel" |
| 30 |
> appreciate my points over how effectual that will be - sure, I can |
| 31 |
> delete my .config and start again with `make menuconfig` and I can go |
| 32 |
> through every option and read the help, and I'm sure I'll get just as |
| 33 |
> good results as 80% of the people on this list, but I just don't know |
| 34 |
> that that's much of an answer. |
| 35 |
|
| 36 |
You are reading way more into the subject than is actually there. |
| 37 |
|
| 38 |
Red Hat employees do work on mainline and do write kernel code. But finding a |
| 39 |
bug, writing new code and fixing security exploits are very different |
| 40 |
activities to simply configuring the code that is there. And that is what RH |
| 41 |
do - they take the code that is already there, apply whatever backport and |
| 42 |
experimental patches suits their distro, then go through menuconfig switching |
| 43 |
some things on and some things off. Their needs are different to yours - they |
| 44 |
need their kernel to run on just about any hardware on the planet, so they |
| 45 |
build a horrendously complex initrd with support for every known boot device, |
| 46 |
then build every module that even half-way works. And also enable every known |
| 47 |
kernel sub-system (because someone somewhere is going to use it). |
| 48 |
|
| 49 |
By your analogy, you might consider Red Hat more qualified than you to decide |
| 50 |
if you should build an MTA with or without LDAP support. Which is of course |
| 51 |
patently ridiculous - if you know you need LDAP then you need it. Otherwise |
| 52 |
you don't (and this is not a security issue, it's a features issue) |
| 53 |
|
| 54 |
If you configure your own kernel, you only need build the bits you use. The |
| 55 |
sole benefit for a Gentoo users to using a custom distro kernel is support for |
| 56 |
things not in mainline (like some entire FibreChannel product ranges out |
| 57 |
there). But please note that even if you copy an RH .config, you do not have |
| 58 |
those patches to hand so you will not get those extra features. Unless you |
| 59 |
patched the ebuild yourself, in which case you are already au-fait with |
| 60 |
building a kernel and we would not be having this discussion. |
| 61 |
|
| 62 |
In summary, I hear your reasoning and understand your concerns. But it is |
| 63 |
flawed and you are worried about something that is not actually there. |
| 64 |
|
| 65 |
|
| 66 |
-- |
| 67 |
alan dot mckinnon at gmail dot com |
Archives