Hello, looking at the recent vanilla changes, there seem to be a rather rapid development at the moment ;-) and I've to confess, that I lost the overview, what sec-holes do affect debian and which don't.
I was frightend recently, then I noticed that 2.4.27 was fixing somecve-2004 stuff other a month ago as well as 2.6. Just take a look at CVE-2004-1017. It was fixed in red hat in january 2005 and fixed in debian in march 2006. Therefore I suspect, that the debian kernel do have some security flaws, fixed in mainline kernel months ago. Am I wrong here? This takes me to a difficult point: - I can run 2.4 on my servers, what is considered to be depracted for etch. - I can use the debian kernels and risk being compromised. - I can say goodbye to linux and use Debian/kBSD - I can use my own vanilla builds, building a new kernel every day. (Looking at the amount of patches since april 12th.) Anyway, what do you recommend? And is there any public status / shape information on the debian kernels? Thanks in advance, Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
