On Fri, 8 May 2026 20:15:00 -0400 Sasha Levin <[email protected]> wrote:
> Livepatch is great when you have one. The problem is getting one...
>
> To get a livepatch, somebody has to write the fix, build it against the exact
> kernel you're running (for distros, that's hundreds of different
> kernel/arch/flavor combinations), sign it, and get it onto every machine.
>
> Most regular users won't be able to do it on their own because of secure boot
> limitations, so they depend on their vendor to provide them with one.
>
> Yes, you could write a livepatch that just stubs the function out, same end
> state as killswitch, but you still have to build, sign, and ship a module per
> kernel to do it
>
> Killswitch would be just a single write to /sys which an ordinary user can do
> to mitigate a critical issue immediately.

OK, thanks. Worth adding the changelog in case someone else was wondering?

