I agree with Hans. For instance, I had a sid box back in the day which was my dhcp server (an old laptop). It was behind a firewall, and not accessible from the internet. (I know, no security is 100%, but i have defense in depth.) Plus, I too had built a minimal kernel.
In any case, my record is somewhere around 700 days, just short of 2 years. Then we had a power outage that burned through the UPS and the laptop battery... On Wed, Apr 17, 2013 at 4:43 PM, Hans-J. Ullrich <hans.ullr...@loop.de>wrote: > It is interesting. Whenever I someone is telling of big uptime, the > arguiment > is: > > Your server can not be secure! You have an old kernel! You MUST > install/update > the newest kernel and of course reboot. > > But this is not correct. For which reason a new kernel is necessary? > > 1. If there are extrem changes in the environment (unsupported new > hardware or > major software changes) > > 2. Security issues > > But a kernel can stay very, verry long time. On machines, where you do not > change hard or software (i.e. new filesystems like btrfs), an old kernel > will > work perfectly. > > Security issues, which affect modules, but not the kernel itself, may not > cause > the need of a new kernel. When people lik me and others on this list, are > using a very small kernel, with minimalistic modules, and the security > issues > affect modules, which are not built nor installed, then there is no need, > to > install a new kernel. > > So it is wrong to conclude and to say: Hey, your uptime is high, this > concludes to an unsecure host due to an old kernel. To say so, is a big > mistake! > > Just to clear things. :) > > Anyway, let's have fun at hacking. > > Best regards > > Hans > > > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/201304172243.28312.hans.ullr...@loop.de > >
