Stable kernel 2.6.38.7
Posted May 22, 2011 23:06 UTC (Sun) by dlang (guest, #313)
In reply to: Stable kernel 2.6.38.7 by kragil
Parent article: Stable kernel 2.6.38.7
They are explicitly _not_ trying to make a statement about what and how severe any security vulnerabilities in the release are.
Posted May 23, 2011 9:37 UTC (Mon)
by ledow (guest, #11753)
[Link] (6 responses)
The whole "how dangerous is it" question isn't one that can be answered and, if the answer actually matters to you, it DOESN'T matter how dangerous it is - you should be upgrading.
It's like saying "How dangerous is it to not have the timing belt on a car be within 0.1% accuracy instead of 0.2%?" Nobody can say without an awful lot of testing and deployment and recording how much more "danger" shows up. And if the answer MATTERS to you, you're the one that's going to need to do that testing and deployment - which you should be doing anyway with EVERY change.
I do hate the people that whinge on about this like it's the end of the world when, in fact, to anyone where it matters, it's *THEIR* responsibility to find out - not some random release developer that approved a patch from a maintainer that forwarded a patch from a random programmer that probably wouldn't be able to tell how "safe" it was (unless in comparison to previous code - e.g. probably less or more safe than before).
BTW: Where's PaXTeam - not shown up yet?
Posted May 23, 2011 14:11 UTC (Mon)
by proski (subscriber, #104)
[Link] (5 responses)
And if a car maker decides to adjust timing belts on all cars of a certain model and year, that can cost many millions of dollars.
Even though car safety matters to drivers and car makers, the decision to make repairs is not always obvious. Testing is important so that the impact of the changes can be compared to other factors, such as cost and risks of damaging something during the service.
Upgrading kernels may be trivial on a personal laptop of a power user, but it may be expensive and risky on a large server or a critical embedded system. Impact of the bugs is relevant when such upgrades are considered.
Posted May 23, 2011 15:54 UTC (Mon)
by NAR (subscriber, #1313)
[Link] (3 responses)
Posted May 23, 2011 16:24 UTC (Mon)
by arekm (guest, #4846)
[Link] (2 responses)
Posted May 23, 2011 17:34 UTC (Mon)
by mpr22 (subscriber, #60784)
[Link] (1 responses)
Because this is 2011, not 1993. I would expect that by all reasonable metrics, people who don't use a third-party distribution (be it Ubuntu, RHEL, SUSE, or whatever) are a fairly small minority of the Linux user base.
Posted May 23, 2011 17:44 UTC (Mon)
by arekm (guest, #4846)
[Link]
Posted May 23, 2011 17:49 UTC (Mon)
by ThinkRob (guest, #64513)
[Link]
And thus enterprise Linux was born. :D
I'd be willing to bet that -- outside of some niche use cases -- if you're running a critical server on Linux, you're doing it on an enterprise-oriented distro, and thus the distro maintainers (to whom you likely pay a good chunk of change) help address the risks involved.
The car analogy brings an interesting insight. Adjusting the timing belt on one car is time consuming. There is a certain risk of something going wrong. You would not trust a random person to do that.
No idea why so many people think there is some magic "distributor".