Greetings, Am Donnerstag, 13. Januar 2005 10:06 schrieb Christophe Chisogne: > Jan L�hr a �crit : > > Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of > > 2.4.18 from woody? > > On a production server, I would run 2.4, not 2.6.
m2 > And as Debian security > support seems better now for the 2.4.27 kernel, I would choose it. > It include fixes backported from kernel.org 2.4.28, even 2.4.29-rc1 Thanks. > Ex CAN-2004-1235 (uselib) is fixed since 2.4.29-rc1 at kernel.org > and will be fixed soon by upcoming (Debian) kernel-source-2.4.27-8 > (and kernel-image-2.4.27-xyz build from it) Sounds good. Will kernel-source-2.4.27 be available in days or weeks? > Or you can pick any kernel you want from kernel.org and build one > yourself, either the traditional (make config; make dep...) > or the Debian way (make config; make-kpkg -- via kernel-package). > With the latter (debian), you obtain a debian package for your > custom kernel. But that mean you become the local kernel/security > maintainer. You can avoid this burden by simply using > Debian kernel packages released by the kernel and security teams. Well, running an rc-/pre-release on a production server is quite risky. Btw. AFAIK kernel.org recommend not using their kernels, because they give no security support. > > Is all information available > > For my basic needs on this, I often use Google and the 2 links belows > > For infos about fixes in "Debian" 2.4.27 kernels, read changelogs in > kernel-source-2.4.27 package, by example -- by ex near end of > http://packages.debian.org/unstable/devel/kernel-source-2.4.27 > > For infos about fixes in "kernel.org" 2.4 kernels, read changelogs > and changesets on the kernel.org homepage Thanks. Using kernel-source.2.4.24 from seems to be a good option. Can the openwall / grsecurity patches be applied to kernel-source-2.4.27? Keep smiling yanosz
