Hi,
after watching the security alerts for the CentOS kernel I've the impression that although they are fixed fast there are more alerts than for the vanilla one of the same version.
Question: Are those alerts mostly specifically CentOS related or do they also affect the vanilla sources?
On Tue, 2011-01-25 at 02:24 -0800, Dave wrote:
Question: Are those alerts mostly specifically CentOS related or do they also affect the vanilla sources?
Yes and No. It is dependent on where you are getting the source security updates from. Sometimes it can come down all the way from kernel.org > rh > CentOS. Then at times the security problem never affects the kernel.org kernel. There can be issues in play that upstream introduced into the kernel itself from patchwork that will never get into or see the light of day in the kernel.org kernel.
John
Yes and No. It is dependent on where you are getting the source security updates from. Sometimes it can come down all the way from kernel.org > rh > CentOS. Then at times the security problem never affects the kernel.org kernel. There can be issues in play that upstream introduced into the kernel itself from patchwork that will never get into or see the light of day in the kernel.org kernel.
Thanks. I do see more clearly now.
On 01/25/2011 10:24 AM, Dave wrote:
after watching the security alerts for the CentOS kernel I've the impression that although they are fixed fast there are more alerts than for the vanilla one of the same version.
vanilla one for the same version isn't really that actively maintained is it? Also, the EL kernels contain a fair bit of backports which makes things a bit more interesting.
- KB
On Tue, 25 Jan 2011 11:34 +0000, "Karanbir Singh" mail-lists@karan.org wrote:
On 01/25/2011 10:24 AM, Dave wrote:
after watching the security alerts for the CentOS kernel I've the impression that although they are fixed fast there are more alerts than for the vanilla one of the same version.
vanilla one for the same version isn't really that actively maintained is it? Also, the EL kernels contain a fair bit of backports which makes things a bit more interesting.
Not sure. That's why I'm asking. E.g. 2.6.32 >> 2.6.32.28 (longterm): are there only improvements but no fixes?
On the other hand EL kernels are as far as I got information from here more adapted to Industry needs. So they have special code added vanilla kernels don't have. Right?
On 01/25/2011 12:59 PM, Dave wrote:
vanilla one for the same version isn't really that actively maintained is it? Also, the EL kernels contain a fair bit of backports which makes things a bit more interesting.
Not sure. That's why I'm asking. E.g. 2.6.32 >> 2.6.32.28 (longterm): are there only improvements but no fixes?
The CentOS-5 kernel is at 2.6.18 (as based) with a 2xx TAG for release. It contains backports from newer kernels, added hardware support from upstream and fixes + enhancements from the 2.6.18 base.
On the other hand EL kernels are as far as I got information from here more adapted to Industry needs. So they have special code added vanilla kernels don't have. Right?
That is perhaps one (a marketing person spun?) way of looking at things.
- KB
On 01/25/2011 02:24 AM, Dave wrote:
Question: Are those alerts mostly specifically CentOS related or do they also affect the vanilla sources?
I don't recall having ever seen a security problem in the RHEL/CentOS kernel that didn't affect the upstream sources.
There's no need to rely on impressions, though. Go to: http://rhn.redhat.com/errata/rhel-server-errata-security.html Select "security" to trim down the number of entries listed. Search for "kernel" and open each one. The errata notice will state "This update fixes the following security issue:" and include a CVE ID. You can look that up to see if the upstream kernel is affected.