On Mon, 11 Feb 2008, Ross S. W. Walker wrote:

> Dag Wieers wrote:
> > On Mon, 11 Feb 2008, jarmo wrote:
> >
> > > Of course there's a way, get vanilla kernel 2.6.24.2 and use old config
> > > compile it and run. I've done it.
> >
> > And *poof* you lost all support or reproducibility that people crave when
> > using CentOS or RHEL.
> >
> > So yes, it is a possibility, but probably unlikely when people have chosen
> > CentOS or RHEL. And especially for those systems that are considered
> > production (or important) and that are the most vulnerable you may not
> > want to do this. (Or maybe instead you need to!)
>
> Yes, true, but say you are running a shell account system and want to
> know it isn't vulnerable, can't wait until upstream provides a fix
> and don't want to run some possibly flaky work-around patch, what
> then?
>
> I think one needs to weigh the consequences in these scenarios instead
> of saying it should be all one way or the other.

Then I would opt to patch the latest Red Hat kernel with e.g. the Debian
patch rather than running a 2.6.24.2 kernel that may have numerous
yet-unknown compatibility problems with parts of the system that interact
with the kernel.

And I would make an RPM out of it that upgrades smoothly to the next
CentOS release.

But then again, this would be advice for a minority and not something I
would recommend to everyone on this list.

--
-- dag wieers, dag at centos.org, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]