On Fri, 4 Oct 2019 at 08:18, Phelps, Matthew <mphelps at cfa.harvard.edu> wrote:
>
> On Fri, Oct 4, 2019 at 6:33 AM Jim Perrin <jperrin at centos.org> wrote:
>
> >
> > On 10/3/19 9:35 PM, Stephen John Smoogen wrote:
> > > On Thu, 3 Oct 2019 at 13:52, Phelps, Matthew <mphelps at cfa.harvard.edu> wrote:
> > >>
> > >> On Thu, Oct 3, 2019 at 1:42 PM Jim Perrin <jperrin at centos.org> wrote:
> > >>
> > >>>
> > >>> On 10/3/19 1:32 PM, Phelps, Matthew wrote:
> > >>>> Forgive me if this has been answered before and I've missed it.
> > >>>>
> > >>>> This https://access.redhat.com/solutions/2206511 says live kernel patches
> > >>>> will be available via yum updates as of RHEL 7.7. Is this carried over to
> > >>>> CentOS 7.7.1908?
> > >>>>
> > >>>
> > >>> The functionality should be available, but we don't provide patches in
> > >>> this way, no.
> > >>
> > >> What would it take to make this happen? This would be a huge help to those
> > >> of us running servers. Not to mention it would make the world a more secure
> > >> place :)
> > >>
> >
> > The short answer is "a team of kernel engineers, which we don't have".
> > Smooge's overview which I've left below is great at explaining some of
> > this:
> >
>
> I don't understand. If RHEL is putting out patches, and CentOS is a
> recompile of RHEL, hasn't that "team of kernel engineers" already done the
> work?
>

No, because most of the work on making a patch is after the kernel is compiled and working. Thus even though you have the same source code, similar compilers, etc., there are going to be differences which have to be looked at to make sure it is really working. A CentOS kernel is not exactly the same as a RHEL kernel is not the same as an Oracle kernel is not the same as the one you recompiled locally. From most operational points they seem the same, but kernel patching is where those differences really show up.

Yes it would be easy to set up some automated tool which 'made' kpatches.. and I expect they may 'work' for most systems. But I also expect that they would also eat babies more times than people would like. If sites really need them, they can set up the tooling themselves and make them work when they know they want it. Trying to make it a general purpose answer for something which may corrupt data 5 or 20% or 40% of the time.. is just waiting to be on Slashdot daily (wait do we do Slashdot anymore.. Reddit? nope the kids aren't there anymore either.. ok someplace daily) in a bad way.

--
Stephen J Smoogen.