On 03/06/18 20:05, Clifford Ilkay via talk wrote:
> By the way, I don't understand why long up times are considered to be some
> sort of badge of honour. If you're doing regular updates even with very
> conservative distributions, like CentOS or Debian stable, you're going to
> have to reboot your server due to kernel updates at least every few months.

There are a few kernel hot fix tools out there to address this.

Canonical offer canonical-livepatch:
https://www.ubuntu.com/server/livepatch

SuSE has kGraft:
https://www.suse.com/products/live-patching/

RedHat develops kpatch:
https://access.redhat.com/articles/2475321 - I'm not sure how they
distribute patches.

Oracle bought ksplice:
http://ksplice.oracle.com/

Shameless self-promotion - I think ours is the easiest to set up - snap
install, livepatch enable and you're all set. That and you get 3 tokens
free whereas all the other offerings seem to require paid subscriptions.
You can get a $0 ksplice license for a single desktop system I think,
but other than that, Oracle seem to only support their own Linux with it
now.

None of these helped with spectre/meltdown but for any other patches
that I've seen, patches just happen.

These tools give more flexibility in terms of planning infrastructure
reboots while keeping systems stable and secure. I highly recommend
running one!

Cheers,
Jamon

---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
