[CentOS] Pulling in broadwell support for cent6u5

Thu Jun 16 03:29:21 UTC 2016
Johnny Hughes <johnny at centos.org>

On 06/15/2016 10:18 PM, Johnny Hughes wrote:
> On 06/15/2016 05:10 PM, jsl6uy js16uy wrote:
>> Thanks much for the the reply!
>> Some sec updates/bug fixes have been applied thru the run of 6u5 and after,
>> but yes, still firmly in 6u5 land. Guess will have to test.
>> Broadwell cpus do run in the OS, but "6u5" is stated as not supporting
>> 26XXv4 chipsets.
> Theoretically, it should be possible to run the latest kernel with other
> older CentOS-6 packages.  It may or may not function correctly.  That
> setup would NOT be supported for RHEL (for example).  You would
> therefore need to test it to see if it works well enough for you to use.
> But theoretically it is also possible to run whatever workload you are
> trying to run on the latest '6.7 + updates'.

And '6.8 + updates' .. did I forget that I released that less than a
month ago :)

> You would need to test both scenarios to see which one supports your
> workload the best.
> I would point out that we provide CentOS-6, which is defined as all the
> latest updates installed.  Point releases are just a mechanism to create
> installable trees and new installers for new hardware at a point in
> time. It has never been a tested scenario to only pick and choose
> updates while not installing all of them.
> There have been more than one CRITICAL update to CentOS since the 6.5
> tree and installable media were released, including several updates that
> correct security issues which have their own name and website.  Many of
> those issues are remotely exploitable .. the actual definition of a
> 'CRITICAL' update from Red Hat's perspective is:
> "This rating is given to flaws that could be easily exploited by a
> remote unauthenticated attacker and lead to system compromise (arbitrary
> code execution) without requiring user interaction. These are the types
> of vulnerabilities that can be exploited by worms. Flaws that require an
> authenticated remote user, a local user, or an unlikely configuration
> are not classed as Critical impact."
> Taken from:
> https://access.redhat.com/security/updates/classification
> I would think that a customer who had data stolen or was somehow hurt by
> an entity who purposely ran servers that came into contact with the
> internet and also purposely ran software that had CRITCAL and
> correctable security flaws present would be very upset.  I would also
> think that they would expect an entity to install every security update
> to protect their data .. But what do I know.
> Thanks,
> Johnny Hughes
>> On Wed, Jun 15, 2016 at 4:56 PM, John R Pierce <pierce at hogranch.com> wrote:
>>> On 6/15/2016 2:48 PM, jsl6uy js16uy wrote:
>>>> Hello, all. Hope all is well
>>>> Is it possible to install kernel and support files from 6u7 into a base
>>>> 6u5
>>>> image to achieve full broadwell support in 6u5?
>>>> We are "locked", clearly not fully since willing to up jump kernels, on
>>>> 6u5.
>>> "Locked", meaning you're running a ~3 old OS with no security or bugfix
>>> updates?    thats not good.
>>> All centos 6 systems are the same base version 2.6.32 kernel, with fixes
>>> and updates backported.   If you're asking, can you run the 2.6.32-573
>>> kernel with a 6u5 everything-else, well, everything else was never tested
>>> with that kernel.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20160615/55083405/attachment-0005.sig>