@kernellogger On the other hand, what's the difference between a distro branching off and backporting stuff from mainline and upstream stable branching off and backporting stuff from mainline? Why can the upstream stable maintainers do this and "a team of engineers" cannot? I think the difference could be better characterized and (if you pardon the expression) makes all the difference.
Vegard Nossum (vegard@mastodon.social)'s status on Friday, 17-May-2024 16:14:14 JST
Greg K-H (gregkh@social.kernel.org)'s status on Friday, 17-May-2024 16:14:14 JST
@vegard @kernellogger "a team of engineers" COULD do that (hint, Android does, by just taking the stable updates), but the paper shows that a specific "team of engineers" currently does NOT do that, which puts the users of those kernels potentially at a greater risk.
Read the paper, it's interesting.
Disclosure, I read it before it was published, but had no influence on it at all.
Thorsten Leemhuis (acct. 1/4) (kernellogger@fosstodon.org)'s status on Friday, 17-May-2024 16:14:15 JST
Jeremy Allison writes:
"The data shows that “frozen” vendor #Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream “stable” Linux #kernel created by Greg Kroah-Hartman."
https://ciq.com/blog/why-a-frozen-linux-kernel-isnt-the-safest-choice-for-security/ #LinuxKernel