I agree, and SuSE demonstrated that even ordinary RPMs are not trival, since the depencies may have changed on build host, which could make the rebuild RPM unusable on other hosts.
$ rpm -qpl k_deflt.rpm |grep /modules/|wc -l 803 $ The upcoming 2.4 kernel: 1117 kernel modules. Needless to say that this is a bit worksome.
What I wanted to say, is, that the kernel is so special, that every admin should know, how to build it, and apply patches. Just like very windoze user knows how to reboot ...
I think I know how to build a kernel, and I built a lot of. But I don't want to do it, and make a useful kernel RPM is another task than just building a kernel. Remember modules like freeswan.
That's where we still have a problem: freeswan. It is one of the few packages that have their own kernel module (usually the modules are inside the kernel rpm).
Building kernels is more complex than it seems to be, there are a lot of patches for some device drivers, patches with interfere each other, like kerneli and freeswan and others.
From my point of view it's not nessacary for every admin to reinvent the wheel (or a kernel RPM), it should be task of the vendor. But currently there are problems (missing announcements, missing kernel module updates and others).
It's as with cars: In the beginning, everybody must have been able to take apart the engine to repair it. Later, when technique became too complex on the one side and when people who didn't know anything about engines could drive, mechanics took over that part. A few years back everybody compiled her own kernel, and today it is expected that the mechanics solve that problem. And I fully agree with that.
I asked already on this list, let me repeat my question:
Which kernel RPM (without the <2.2.18 ptrace bug) is working with with distribution? Are the kernel depended packages (like freeswan) available? Usually it's nessasary to update them as well - at least when changing the kernel version.
There are multiple bugs in the kernel, and the ptrace bug is only one of them. All kernels that can currently be found on ftp.suse.com/pub/suse/i386/update/* do fix the known security problems. These kernels call themselves 2.2.18, but they are basically 2.2.19 with only a few items missing (most important the version number change). Installation: rpm -Uhv k_deflt.rpm mk_initrd lilo We are very close to the announcement.
Steffen
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -