Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of 2.4.18 from woody?
On a production server, I would run 2.4, not 2.6. And as Debian security support seems better now for the 2.4.27 kernel, I would choose it. It include fixes backported from kernel.org 2.4.28, even 2.4.29-rc1
Ex CAN-2004-1235 (uselib) is fixed since 2.4.29-rc1 at kernel.org and will be fixed soon by upcoming (Debian) kernel-source-2.4.27-8 (and kernel-image-2.4.27-xyz build from it)
Or you can pick any kernel you want from kernel.org and build one yourself, either the traditional (make config; make dep...)
or the Debian way (make config; make-kpkg -- via kernel-package).
With the latter (debian), you obtain a debian package for your
custom kernel. But that mean you become the local kernel/security
maintainer. You can avoid this burden by simply using
Debian kernel packages released by the kernel and security teams.
Is all information available
For my basic needs on this, I often use Google and the 2 links belows
For infos about fixes in "Debian" 2.4.27 kernels, read changelogs in kernel-source-2.4.27 package, by example -- by ex near end of http://packages.debian.org/unstable/devel/kernel-source-2.4.27
For infos about fixes in "kernel.org" 2.4 kernels, read changelogs and changesets on the kernel.org homepage
Christophe
