Mailinglist Archive: opensuse-features (203 mails)
| < Previous | Next > |
[openFATE 306907] Add support for Ksplice
- From: fate_noreply@xxxxxxx
- Date: Mon, 12 Apr 2010 13:55:28 +0200 (CEST)
- Message-id: <feature-306907-20@xxxxxxxxxxxxxx>
Feature changed by: Michal Marek (michal-m)
Feature #306907, revision 20
Title: Add support for Ksplice
openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-08-12 10:52:21
reject reason: Let's evaluate for 11.3.
Priority
Requester: Important
- openSUSE-11.3: Rejected by (jbenc)
+ openSUSE-11.3: Rejected by Andreas Jaeger (jbenc)
reject date: 2010-03-24 12:07:28
reject reason: Not enough resources in the kernel teams to provide
updates as ksplice patches.
Priority
Requester: Important
Requested by: Stephan Kleine (bitshuffler)
Description:
KSplice allows it currently to apply most but not all kernel updates
without the need to reboot which is especially great for servers. It's
backed by a newly founded corporation that continually tries to improve
it so hopefully sometime in the future a reboot wont be necessary for
any kernel update.
Fedora as well as Ubuntu already support it so openSUSE shouldn't stay
behind.
URL: http://www.ksplice.com/
Discussion:
#1: Harald Milz (suse2miha) (2009-08-04 21:16:55)
Ksplice will be THE reason for many webserver admins to choose Ubuntu
and not openSUSE. Don't lose any ground on the server market, make use
of Ksplice too.
#2: (bmwiedemann) (2009-10-09 11:37:37)
A presentation at LinuxTag 2009 from the ksplice guys as well as
http://en.wikipedia.org/wiki/Ksplice says, that all security patches
can be made rebootless. Only 12% of 64 studied patches needed manual
extra code (e.g. for updating structure data).
The proper way of distribution would of course also update /lib/modules
and /boot/vmlinuz/initrd but possibly patch the running kernel via a
rpm post-inst script.
I have noted that in the past, openSUSE kernel-updates happened later
than those for Debian and Ubuntu, but often contained several fixes at
a time. I guess, part of this is due to the reboot needed after a
kernel-update, so with Ksplice critical security fixes could reach
users faster.
#3: John Sheehy (jesheehy) (2010-02-10 03:36:17)
Ksplice or similar functionality is critical for production servers,
especially those exposed in the DMZ.
In the future there should never be an excuse that a security patch
didn't get applied since it required a reboot and a maintenance window
wasn't available right away.
#4: Jiri Benc (jbenc) (2010-03-24 12:06:24)
This is really two requests:
1. Add the ksplice kernel module into the distribution.
2. Provide the kernel updates as ksplice patches (most likely as an
alternative to the normal updates).
While 1. is easy, I don't see the kernel teams having enough resources
for 2. It will require the community to step in; anybody who's
interested in doing the work is welcome.
That said, 1. does not make sense without 2. If we find somebody who
does the work (please speak up if you are interested!), the module can
be distributed as a KMP and/or this feature can be reopened.
#5: Michel Veltman (gwayne) (2010-04-12 09:08:39)
Just for the record I would add the functionaly to the kernel anyway so
people can play with it. Even when the kernelteam does not yet deliver
the paches in ksplice format.
Because If we later decide to offer the ksplice patches it can be done.
-
+ #6: Michal Marek (michal-m) (2010-04-12 13:55:24) (reply to #5)
+ Are there any kernel modifications needed on our side? From a short
+ look at http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz, it's a
+ set of userspace programs and a kernel module template that gets
+ compiled when you apply a ksplice patch.
--
openSUSE Feature:
https://features.opensuse.org/306907
Feature #306907, revision 20
Title: Add support for Ksplice
openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-08-12 10:52:21
reject reason: Let's evaluate for 11.3.
Priority
Requester: Important
- openSUSE-11.3: Rejected by (jbenc)
+ openSUSE-11.3: Rejected by Andreas Jaeger (jbenc)
reject date: 2010-03-24 12:07:28
reject reason: Not enough resources in the kernel teams to provide
updates as ksplice patches.
Priority
Requester: Important
Requested by: Stephan Kleine (bitshuffler)
Description:
KSplice allows it currently to apply most but not all kernel updates
without the need to reboot which is especially great for servers. It's
backed by a newly founded corporation that continually tries to improve
it so hopefully sometime in the future a reboot wont be necessary for
any kernel update.
Fedora as well as Ubuntu already support it so openSUSE shouldn't stay
behind.
URL: http://www.ksplice.com/
Discussion:
#1: Harald Milz (suse2miha) (2009-08-04 21:16:55)
Ksplice will be THE reason for many webserver admins to choose Ubuntu
and not openSUSE. Don't lose any ground on the server market, make use
of Ksplice too.
#2: (bmwiedemann) (2009-10-09 11:37:37)
A presentation at LinuxTag 2009 from the ksplice guys as well as
http://en.wikipedia.org/wiki/Ksplice says, that all security patches
can be made rebootless. Only 12% of 64 studied patches needed manual
extra code (e.g. for updating structure data).
The proper way of distribution would of course also update /lib/modules
and /boot/vmlinuz/initrd but possibly patch the running kernel via a
rpm post-inst script.
I have noted that in the past, openSUSE kernel-updates happened later
than those for Debian and Ubuntu, but often contained several fixes at
a time. I guess, part of this is due to the reboot needed after a
kernel-update, so with Ksplice critical security fixes could reach
users faster.
#3: John Sheehy (jesheehy) (2010-02-10 03:36:17)
Ksplice or similar functionality is critical for production servers,
especially those exposed in the DMZ.
In the future there should never be an excuse that a security patch
didn't get applied since it required a reboot and a maintenance window
wasn't available right away.
#4: Jiri Benc (jbenc) (2010-03-24 12:06:24)
This is really two requests:
1. Add the ksplice kernel module into the distribution.
2. Provide the kernel updates as ksplice patches (most likely as an
alternative to the normal updates).
While 1. is easy, I don't see the kernel teams having enough resources
for 2. It will require the community to step in; anybody who's
interested in doing the work is welcome.
That said, 1. does not make sense without 2. If we find somebody who
does the work (please speak up if you are interested!), the module can
be distributed as a KMP and/or this feature can be reopened.
#5: Michel Veltman (gwayne) (2010-04-12 09:08:39)
Just for the record I would add the functionaly to the kernel anyway so
people can play with it. Even when the kernelteam does not yet deliver
the paches in ksplice format.
Because If we later decide to offer the ksplice patches it can be done.
-
+ #6: Michal Marek (michal-m) (2010-04-12 13:55:24) (reply to #5)
+ Are there any kernel modifications needed on our side? From a short
+ look at http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz, it's a
+ set of userspace programs and a kernel module template that gets
+ compiled when you apply a ksplice patch.
--
openSUSE Feature:
https://features.opensuse.org/306907
| < Previous | Next > |