LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A story of three kernel vulnerabilities

A story of three kernel vulnerabilities

Posted Feb 19, 2013 19:48 UTC (Tue) by dlang (✭ supporter ✭, #313)
Parent article: A story of three kernel vulnerabilities

This is one of the big problems with using 'vendor' kernels

They are supposed to be more reliable because they have better testing, but that testing takes time, and no distro ships the latest upstream kernel, so every distro has the added delay that they need to

1. notice that a change needs to be backported to their private kernel (I'm sure the usual suspects will again blast the kernel developers for not labeling every patch with it's security implication so that people could only look at 'security' patches, but that's a very old debate)

2. backport the change (figuring out if the patch has other implications due to other, unrelated changes that have taken place in the meantime)

3. test the 'new' kernel

4. ship the 'new' kernel to users.

All of this takes a long time, a few months of delay is actually surprisingly good (although 11-13 months seems to be a bit on the long side)

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds