Hi and thanks for aswering... > You are correct that the kernel-source has not yet been updated. Don't > forget that Debian has to coordinate the build and simulataneous release > of lots of kernel-image-* packages. Even with that, serious and > critical vulnerabilities (of which the one you cite is not) are dealt > with swiftly.
Yes, I know that, but I saw that situation (kernel-source not updated) and I didnt know if always was the same... but you tell me that it is mantained and that's ok for me. You had cleared my doubt about this, so I thank you very much. > That would be a Bad Idea(TM). Kernels shipping from kernel.org are > never patched for security. They simply release new versions. Thus, if > kernel x.y.z works for you and some critical vulnerability is announced, > you will have to upgrade to kernel x.y.z+1. the reason for that is > becuase kernel.org does not directly support end users. It is primarily > a source for distribution packagers and maintainers to obtain sources > from which to build distribution-specific kernels. Ok, I didnt know that... :) Thanks again and sorry my ogly english :) -- Cheers Martin C.
