[project] https://ciq.com/whitepaper/vendor-kernels-bugs-stability/
https://ciq.com/whitepaper/vendor-kernels-bugs-stability/

[quote] A vendor kernel is an insecure kernel. A late cycle stabilized vendor kernel is doubly so. [/quote]

If I understand this, it means Leap's default kernels are among the least secure available. :(

--
Evolution as taught in public schools is, like religion, based on faith, not based on science.
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata
On 5/17/24 9:16 PM, Shawn W Dunn wrote:
For those who might not be up to speed - CIQ is the corporate backing of Rocky Linux, who established themselves by cloning Red Hat Enterprise Linux (RHEL) and selling their own service contracts for RHEL / Rocky.

When their job got harder after Red Hat decided to follow the letter of the GPL and only provide the source code of the binaries they deliver to the customers to whom they deliver them, and to not have entities like CIQ/Rocky as customers anymore, they helped stir the community outrage machine against Red Hat.

Adjacent to the openSUSE project, SUSE did not seize the opportunity to say "if you don't like how this went, here is a better product than RHEL developed by the brilliant minds at SUSE". Instead, they joined forces with CIQ to say "it's so unfair that it's harder for us to pump out RHEL clones now, and since that's all anyone wants to use, we are banding together to help each other ensure the future of copying RHEL".

Additional context on CIQ: https://medium.com/@gordon.messmer/will-ciqs-new-support-program-alienate-th...
On Fri 2024-05-17, Shawn W Dunn wrote:
Always consider the source, and what they're trying to sell.
Also this:

"In addition, some of these bugs may be in code paths that are disabled via kernel config file settings. No analysis has been done on which bugs may be enabled or disabled for a specific vendor kernel config."

Gerald, who was surprised to find there even is a Wikipedia page
https://en.wikipedia.org/wiki/Conditional_compilation
On Saturday, May 18th, 2024 at 5:00 AM, Felix Miata <mrmazda@earthlink.net> wrote:
I personally wouldn't trust much of that particular source's "technical opinion", but then they're part of the OpenELA[1] so they must know something if a company like SUSE is willing to show up together with them to the party... ¯\_(ツ)_/¯

--
Br, A.

1: https://openela.org/
On Sat, May 18, 2024 at 12:00 AM Felix Miata <mrmazda@earthlink.net> wrote:
Enterprise kernels and other software maintained via similar processes/choices exist to avoid regressions in (deployed and harder to update) production systems and patch security issues relevant to that scenario. They do not exist to be generally the most secure or bug-free. If that is your aim, you want Tumbleweed or something else that more closely tracks the latest releases.

Best,
Lars
participants (7)
- Attila Pinter
- Felix Miata
- Gerald Pfeifer
- John Kizer
- Lars Marowsky-Bree
- Martin Schröder
- Shawn W Dunn