[CentOS] Pulling in broadwell support for cent6u5

Thu Jun 16 03:18:59 UTC 2016
Johnny Hughes <johnny at centos.org>

On 06/15/2016 05:10 PM, jsl6uy js16uy wrote:
> Thanks much for the the reply!
> Some sec updates/bug fixes have been applied thru the run of 6u5 and after,
> but yes, still firmly in 6u5 land. Guess will have to test.
> Broadwell cpus do run in the OS, but "6u5" is stated as not supporting
> 26XXv4 chipsets.
> 

Theoretically, it should be possible to run the latest kernel with other
older CentOS-6 packages.  It may or may not function correctly.  That
setup would NOT be supported for RHEL (for example).  You would
therefore need to test it to see if it works well enough for you to use.

But theoretically it is also possible to run whatever workload you are
trying to run on the latest '6.7 + updates'.

You would need to test both scenarios to see which one supports your
workload the best.

I would point out that we provide CentOS-6, which is defined as all the
latest updates installed.  Point releases are just a mechanism to create
installable trees and new installers for new hardware at a point in
time. It has never been a tested scenario to only pick and choose
updates while not installing all of them.

There have been more than one CRITICAL update to CentOS since the 6.5
tree and installable media were released, including several updates that
correct security issues which have their own name and website.  Many of
those issues are remotely exploitable .. the actual definition of a
'CRITICAL' update from Red Hat's perspective is:

"This rating is given to flaws that could be easily exploited by a
remote unauthenticated attacker and lead to system compromise (arbitrary
code execution) without requiring user interaction. These are the types
of vulnerabilities that can be exploited by worms. Flaws that require an
authenticated remote user, a local user, or an unlikely configuration
are not classed as Critical impact."

Taken from:
https://access.redhat.com/security/updates/classification

I would think that a customer who had data stolen or was somehow hurt by
an entity who purposely ran servers that came into contact with the
internet and also purposely ran software that had CRITCAL and
correctable security flaws present would be very upset.  I would also
think that they would expect an entity to install every security update
to protect their data .. But what do I know.

Thanks,
Johnny Hughes

> On Wed, Jun 15, 2016 at 4:56 PM, John R Pierce <pierce at hogranch.com> wrote:
> 
>> On 6/15/2016 2:48 PM, jsl6uy js16uy wrote:
>>
>>> Hello, all. Hope all is well
>>> Is it possible to install kernel and support files from 6u7 into a base
>>> 6u5
>>> image to achieve full broadwell support in 6u5?
>>> We are "locked", clearly not fully since willing to up jump kernels, on
>>> 6u5.
>>>
>>
>>
>> "Locked", meaning you're running a ~3 old OS with no security or bugfix
>> updates?    thats not good.
>>
>> All centos 6 systems are the same base version 2.6.32 kernel, with fixes
>> and updates backported.   If you're asking, can you run the 2.6.32-573
>> kernel with a 6u5 everything-else, well, everything else was never tested
>> with that kernel.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20160615/3c8ec1b8/attachment-0005.sig>