Jeff Waugh wrote:
It is indeed a bad idea, but in my own experience the perception that 'it is better to compile your own kernel on a production server' is widespread.

O Plameras wrote:
He once said, if you have a point, Hammer on that point;
Oscar, you claimed that "building kernels is required for securing servers". You have not backed that up. You have not provided any substantial evidence to suggest - particularly to the disbelieving eyes of experienced admins on this list - that your claim has any basis in fact.
I suggested a number of reasons why building kernels is *not* required for securing servers, and a number of reasons why building kernels may actually adversely affect your server's security.
A belief in what you've claimed is not shared by experienced sysadmins here,
and it flies in the face of security theory, let alone practice. I'd be
interested to find out how you came to believe this - it's a dangerous idea
that I hope is not widespread.
One amusing thing I note is that more people are under the impression that compiling an entire kernel is necessary for adding a single driver module to their systems. That's more the fault of Shit Documentation (TM) than the users, though.
The other thing that's worth mentioning (and more to do with security than the point above) is that if there are a few hundred thousand people using the exact same kernel build as you, you have the advantage of being able to pool resources with them via your distribution's bug mechanism. I.e., more people notice more stuff more often.
Mike

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
