On Thursday 18 April 2013 14:33:51 green wrote: > Darac Marjal wrote at 2013-04-18 04:05 -0500: > > On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote: > > > Security issues, which affect modules, but not the kernel itself, may > > > not cause the need of a new kernel. When people lik me and others on > > > this list, are using a very small kernel, with minimalistic modules, > > > and the security issues affect modules, which are not built nor > > > installed, then there is no need, to install a new kernel. > > > > Out of curiosity, where is the evidence for this FUD that people are > > coming up with that the kernel core CANNOT have a security issue? > > I think that what Hans wrote above is ambiguous, I assume Hans meant > "[Those] security issues which affect modules…"
It is as you say ambiguous. I took him to mean "Security issues do not affect the kernel (ever), so security updates can never be required for a bare kernel. They are only required if they affect the particular modules which are compiled on that kernel." And I had a job not being ambiguous myself. I hope that I have succeeded. I am very ignorant about kernels and was interested to learn that the kernel itself has no security problems; especially as I thought that there had been an exploit a couple of years ago, which necessitated temporarily shutting the site down. Having just Googled, I find the info on that exploit ambiguous too as to the risk to the core of the kernel. So I am still none the wiser. :-( Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304181605.43616.lisi.re...@gmail.com
