Thanks for the link to Lucas Nussbaum's blog entry, that was very useful. Given that debsecan typically seems to show fewer, less serious CVEs in sid/jessie than stable/wheezy for the workloads I have, I will do what I can to run Jessie for now.
There are certainly a bunch of important privilege escalation and bypass issues fixed leading up to 3.7 kernels (and since!), only some of which can be mitigated - but with a tight enough .config, I'd say it's the userland application vulnerabilities which are going to be the less complex attack vectors for a given system.

On 25/10/14 02:31, W. Martin Borgert wrote:
> Quoting csir...@yahoo.com.au:
>> Could you give me your thoughts on what a negative vote on the
>> current proposal would mean in practice?
> The impact of different results has been analysed by Lucas Nussbaum:
> "Tentative summary of the amendments of the init system coupling GR"
> (http://www.lucas-nussbaum.net/blog/?p=845)
>
> For Debian 8 (Jessie), there is no need to fear anything. For later
> versions it is hard to tell, because it does not depend much on the
> vote, but mainly on what both upstream and Debian developers will do.
>
> Just take a look in the crystal ball:
>
> If systemd works well for most people, less effort will be put in
> alternatives. If many people have problems with systemd, e.g. in
> the embedded community, alternatives will continue to be relevant.
>
> Maybe there will be sufficient pressure on hardware companies to
> support newer kernels on their hardware?
>
> Maybe in two, three years from now, there are good reasons, such as
> security aspects, not to run a <= 3.7 kernel anyway?
>
> If security is not a concern, maybe just keep Debian 6/7/8 forever?
>
> Cheers

Archive: https://lists.debian.org/544b5462.7020...@yahoo.com.au