Submission + - Why a 'frozen' distribution Linux kernel isn't the safest choice for security (zdnet.com) 1
Jeremy Allison - Sam writes: Cracks in the Ice: Why a 'frozen' distribution Linux kernel isn't the safest choice for security
https://ciq.com/blog/why-a-fro...
This is an executive summary of research that my colleagues Ronnie Sahlberg and Jonathan Maple did, published as a whitepaper with all the numeric details here:
https://ciq.com/whitepaper/ven...
Steven Vaughan-Nichols is covering the release of this
data here:
https://www.zdnet.com/article/...
https://ciq.com/blog/why-a-fro...
This is an executive summary of research that my colleagues Ronnie Sahlberg and Jonathan Maple did, published as a whitepaper with all the numeric details here:
https://ciq.com/whitepaper/ven...
Steven Vaughan-Nichols is covering the release of this
data here:
https://www.zdnet.com/article/...
Unrealistic. (Score:2)
To be secure, you should always use the latest long-term stable kernel. [...] "So what is a vendor to do? The answer is simple: if painful: Continuously update to the latest kernel release, either major or stable."
That's unrealistic. You can't expect tens of millions of downstream programs to be retested and revalidated on a weekly or monthly cycle because you've discovered an error in your code and rather than backport the fix alone you want to make unrelated breaking changes.
I personally wait until the stable kernel has passed the 100 minor release mark before I upgrade to it. By then there's a track record telling me how reliable that series really is, and the changes are small enough that I can expect it to not b