Alan McKinnon wrote: > On Sunday 08 November 2009 23:20:31 Stroller wrote: > >>> You really need to learn to make your own kernel. ... >>> >> Whilst I agree in principle that a good (slim?) kernel is better and >> your comments on that, I am sceptical whether the majority of people >> have the knowledge to make any significant performance or security >> improvements. >> >> AIUI the kernels shipped by distros like Red Hat, for instance, are >> configured by the very people that work on and maintain the mainline >> kernel tree. How can any of us simple end-users compete with that? >> >> I imagine it to be very easy for any of us normal people to enable or >> disable options that make significant performance impact - but we >> would never know it, because we're not benchtesting it or even >> qualified to assess proper benchtests. >> >> I cannot believe that in a day you could study this subject >> sufficiently to have any reasonable competence on the matter. And thus >> if you do spend only a day, that's wasted time. I would add that the >> kernel is evolving constantly, and in a year's time your knowledge - >> and your .config - is likely to be at least somewhat outdated. >> >> I chose to copy the .config from Knoppix because it's easy to get hold >> of that, but also because it's selected by someone who knows more than >> me, and it is likely to work with any hardware I install into my >> machine or connect by USB. I take Volker's point that a LiveCD .config >> could be the worst possible choice so I'm open to alternatives, but >> I hope those who say I should "learn to make your own kernel" >> appreciate my points over how effectual that will be - sure, I can >> delete my .config and start again with `make menuconfig` and I can go >> through every option and read the help, and I'm sure I'll get just as >> good results as 80% of the people on this list, but I just don't know >> that that's much of an answer. >> > > You are reading way more into the subject than is actually there. > > Red Hat employees do work on mainline and do write kernel code. But finding a > bug, writing new code and fixing security exploits are very different > activities to simply configuring the code that is there. And that is what RH > do - they take the code that is already there, apply whatever backport and > experimental patches suits their distro, then go through menuconfig switching > some things on and some things off. Their needs are different to yours - they > need their kernel to run on just about any hardware on the planet, so they > build a horrendously complex initrd with support for every known boot device, > then build every module that even half-way works. And also enable every known > kernel sub-system (because someone somewhere is going to use it). > > By your analogy, you might consider Red Hat more qualified than you to decide > if you should build an MTA with or without LDAP support. Which is of course > patently ridiculous - if you know you need LDAP then you need it. Otherwise > you don't (and this is not a security issue, it's a features issue) > > If you configure your own kernel, you only need build the bits you use. The > sole benefit for a Gentoo users to using a custom distro kernel is support > for > things not in mainline (like some entire FibreChannel product ranges out > there). But please note that even if you copy an RH .config, you do not have > those patches to hand so you will not get those extra features. Unless you > patched the ebuild yourself, in which case you are already au-fait with > building a kernel and we would not be having this discussion. > > In summary, I hear your reasoning and understand your concerns. But it is > flawed and you are worried about something that is not actually there. > >
What he said plus this little tidbit of info. When I built my first kernel, I had no howto except for the basic instructions in the Gentoo install guide. This was about 6 years or so ago and there was not a lot on configuring a kernel except for the options Gentoo needed. It took me three tries to get one to boot and work pretty well and all of a hour at most. A lot of that hour was compiling the kernel. You seem to think it takes a rocket scientist to build a kernel, it doesn't. You just have to know what hardware you have and then enable the features you need. Once you get a good one built, using make oldconfig works really well. You can config a kernel in less than five minutes most likely then compile and you are done. If you update fairly regular, make oldconfig will work fine and not cause you the trouble you had in the beginning. Dale :-) :-)
