On Mon, 11 Feb 2008, Ross S. W. Walker wrote:
Dag Wieers wrote:
On Mon, 11 Feb 2008, jarmo wrote:
Of course there's a way: get vanilla kernel 2.6.24.2, use the old config, compile it and run. I've done it.
And *poof*, you lost all the support or reproducibility that people crave when using CentOS or RHEL.
So yes, it is a possibility, but probably unlikely when people have chosen CentOS or RHEL. And especially for those systems that are considered production (or important) and that are the most vulnerable, you may not want to do this. (Or maybe instead you need to!)
Yes, true, but say you are running a shell account system and want to know it isn't vulnerable, can't wait until upstream provides a fix and don't want to run some possibly flaky work-around patch, what then?
I think one needs to weigh the consequences in these scenarios instead of saying it should be all one way or the other.
Then I would opt to patch the latest Red Hat kernel with e.g. the Debian patch rather than running a 2.6.24.2 kernel that may have numerous yet-unknown compatibility problems with parts of the system that interact with the kernel. And I would make an RPM out of it that upgrades smoothly to the next CentOS release.
But then again, this would be advice for a minority and not something I would recommend to everyone on this list.