> On 2 Jan 2018, at 19:47, Wols Lists <antli...@youngman.org.uk> wrote: > > You should also check the CVEs every time there's a new kernel!
Who the heck's got time for that? Really? I have a life, mate. And that means I have better things to do with my time. Translation of what you just said: you should buy a Mac, because Linux is so much work you have to check security bulletins all the time. > What this completely misses, is that gentoo-sources merely DOWNLOADS THE > LATEST KERNEL SOURCE. So updating gentoo-sources every time does nothing > to change the kernel you are running. I don't know why you think I missed that. If you `emerge gentoo-sources` then updates of them will appear every time you --pretend update world until you allow them to be emerged, hence my use of the word "nagged". If you want to install them, that's your prerogative, but just allowing them to be automatically emerged fills up your system with unwanted uncompressed kernel sources, consuming huge amounts of space. 20GB should be ample space for an operating system IMO, but between /usr/src and /usr/portage it's pretty easy to consume a quarter of that. I'm happy to do things your way if you're contributing to my hosting bill, but from the sounds of it this is about the way YOU choose to administer YOUR systems, and that you think I should be deferential to that. Do you not think, in my nearly 20 years of using *nix systems and reading *nix related mailing lists, I've never heard someone advocate these kind of security principles before? These kind of arguments are theoretical. In the real world, there are millions of people still running Windows XP and now-obsolete versions of Android on their phones. A kernel that's a few months old is hardly likely to hurt me. Stroller. D
