Feature changed by: Stefan Behlert (sbehlert) Feature #306907, revision 33 Title: Add support for Ksplice openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger) reject date: 2009-08-12 10:52:21 reject reason: Let's evaluate for 11.3. Priority Requester: Important openSUSE-11.3: Rejected by Jiri Benc (jbenc) reject date: 2010-03-24 12:07:28 reject reason: Not enough resources in the kernel teams to provide updates as ksplice patches. Priority Requester: Important openSUSE-11.4: Evaluation by project manager Priority Requester: Important Requested by: Stephan Kleine (bitshuffler) Product Manager: (Novell) - Project Manager: Jiri Benc (jbenc) + Project Manager: (Novell) Partner organization: openSUSE.org Description: KSplice allows it currently to apply most but not all kernel updates without the need to reboot which is especially great for servers. It's backed by a newly founded corporation that continually tries to improve it so hopefully sometime in the future a reboot wont be necessary for any kernel update. Fedora as well as Ubuntu already support it so openSUSE shouldn't stay behind. URL: http://www.ksplice.com/ Discussion: #1: Harald Milz (suse2miha) (2009-08-04 21:16:55) Ksplice will be THE reason for many webserver admins to choose Ubuntu and not openSUSE. Don't lose any ground on the server market, make use of Ksplice too. #2: (bmwiedemann) (2009-10-09 11:37:37) A presentation at LinuxTag 2009 from the ksplice guys as well as http://en.wikipedia.org/wiki/Ksplice says, that all security patches can be made rebootless. Only 12% of 64 studied patches needed manual extra code (e.g. for updating structure data). The proper way of distribution would of course also update /lib/modules and /boot/vmlinuz/initrd but possibly patch the running kernel via a rpm post-inst script. I have noted that in the past, openSUSE kernel-updates happened later than those for Debian and Ubuntu, but often contained several fixes at a time. I guess, part of this is due to the reboot needed after a kernel-update, so with Ksplice critical security fixes could reach users faster. #3: John Sheehy (jesheehy) (2010-02-10 03:36:17) Ksplice or similar functionality is critical for production servers, especially those exposed in the DMZ. In the future there should never be an excuse that a security patch didn't get applied since it required a reboot and a maintenance window wasn't available right away. #4: Jiri Benc (jbenc) (2010-03-24 12:06:24) This is really two requests: 1. Add the ksplice kernel module into the distribution. 2. Provide the kernel updates as ksplice patches (most likely as an alternative to the normal updates). While 1. is easy, I don't see the kernel teams having enough resources for 2. It will require the community to step in; anybody who's interested in doing the work is welcome. That said, 1. does not make sense without 2. If we find somebody who does the work (please speak up if you are interested!), the module can be distributed as a KMP and/or this feature can be reopened. #5: Michel Veltman (gwayne) (2010-04-12 09:08:39) Just for the record I would add the functionaly to the kernel anyway so people can play with it. Even when the kernelteam does not yet deliver the paches in ksplice format. Because If we later decide to offer the ksplice patches it can be done. #6: Michal Marek (michal-m) (2010-04-12 13:55:24) (reply to #5) Are there any kernel modifications needed on our side? From a short look at http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz, it's a set of userspace programs and a kernel module template that gets compiled when you apply a ksplice patch. #7: John Shand (jshand2008) (2010-04-12 21:54:10) From what i can tell from their website, this is a non-free software package..... #8: Bernhard Wiedemann (bmwiedemann) (2010-04-13 09:32:17) (reply to #7) The website is mostly about the commercial services offered.Nevertheless http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz contains in its "COPYING: file GNU GENERAL PUBLIC LICENSE Version 2, June 1991 and .c and .pl files state in their head * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2. only those in kmodsrc/x86/libudis86/ have a different, more liberal license (BSD-License) So this is simply free software. @Michel & @Michal: ksplice should be working on vanilla kernels, so no kernel patch needed. #9: Michal Marek (michal-m) (2010-04-13 14:13:28) (reply to #8) OK, in that case all we need to get basic ksplice enablement is to package the ksplice scripts and submit them to Factory. This can be done by anyone. As for providing ksplice kernel patches, see comment #4. -- openSUSE Feature: https://features.opensuse.org/306907