On Friday 28 November 2008 09:41:55, ext Thanasis wrote:
> Regarding kernel maintenance, mostly from the point of view of security,
> which is the best way to go:
> 1) Having gentoo-sources in /var/lib/portage/world, which would mean the
> sources would be upgraded whenever portage marks a newer version as
> stable (provided someone follows stable)?
> 2) Not having gentoo-sources in /var/lib/portage/world, which would mean
> the sources would be upgraded only as a dependency for some other
> package (which is quite improbable/rare)?
>
> (or, I may be missing something :-) )

Yes. Having the _sources_ upgraded doesn't gain you anything. You have to actually compile a new kernel from them and reboot the system with that new kernel. Do you do this right after every kernel source update?

I don't. I only do this when it's possible to reboot the machine. That's the reason why I don't care about kernel source upgrades via package manager on any system. Only when it's possible to reboot the machine, I update the kernel sources via git (much faster than installing a complete package), build the new kernel and eventually update all out-of-tree modules via portage/paludis beforehand.

HTH...

Dirk
--
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: wwwkeys.pgp.net
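
The gap described in the reply above (sources upgraded by the package manager while the machine keeps running the old kernel) can be made visible with a small check. This is an added example, not code from the thread. It assumes package-installed sources unpack to `<src_root>/linux-<version>` (as gentoo-sources does under /usr/src), that `uname -r` reports the same version string with no custom LOCALVERSION, and GNU `sort -V`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list installed kernel source trees that are newer than the
# kernel that is actually running. Installing sources changes nothing until
# a kernel is built from them and booted, so a non-empty list means a pending
# rebuild and reboot.

# newer_sources RUNNING_VERSION SRC_ROOT
# Prints each version under SRC_ROOT/linux-<version> that sorts after
# RUNNING_VERSION in version order (so -r10 counts as newer than -r4).
newer_sources() {
    running=$1
    src_root=$2
    for dir in "$src_root"/linux-*; do
        [ -d "$dir" ] || continue            # unmatched glob or stray file
        ver=${dir##*/linux-}                 # strip path and "linux-" prefix
        if [ "$ver" != "$running" ]; then
            newest=$(printf '%s\n%s\n' "$running" "$ver" | sort -V | tail -n 1)
            if [ "$newest" = "$ver" ]; then
                printf '%s\n' "$ver"
            fi
        fi
    done
    return 0
}

# report_kernel_gap RUNNING_VERSION SRC_ROOT
# Returns 1 and names the newer trees when the running kernel lags behind
# the installed sources, 0 otherwise.
report_kernel_gap() {
    pending=$(newer_sources "$1" "$2")
    if [ -n "$pending" ]; then
        printf 'running %s; newer sources installed but not booted:\n%s\n' \
            "$1" "$pending"
        return 1
    fi
    printf 'running %s; no newer sources installed\n' "$1"
    return 0
}

# Typical call on a live system:
#   report_kernel_gap "$(uname -r)" /usr/src
```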