Mailinglist Archive: opensuse-features (365 mails)

< Previous Next >
[openFATE 306907] Add support for Ksplice
  • From: fate_noreply@xxxxxxx
  • Date: Wed, 24 Mar 2010 12:08:27 +0100 (CET)
  • Message-id: <feature-306907-17@xxxxxxxxxxxxxx>
Feature changed by: Jiri Benc (jbenc)
Feature #306907, revision 17
Title: Add support for Ksplice

openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-08-12 10:52:21
reject reason: Let's evaluate for 11.3.
Priority
Requester: Important

- openSUSE-11.3: Evaluation
+ openSUSE-11.3: Rejected by (jbenc)
+ reject date: 2010-03-24 12:07:28
+ reject reason: Not enough resources in the kernel teams to provide
+ updates as ksplice patches.
Priority
Requester: Important

Requested by: Stephan Kleine (bitshuffler)

Description:
KSplice allows it currently to apply most but not all kernel updates
without the need to reboot which is especially great for servers. It's
backed by a newly founded corporation that continually tries to improve
it so hopefully sometime in the future a reboot wont be necessary for
any kernel update.
Fedora as well as Ubuntu already support it so openSUSE shouldn't stay
behind.
URL: http://www.ksplice.com/

Discussion:
#1: Harald Milz (suse2miha) (2009-08-04 21:16:55)
Ksplice will be THE reason for many webserver admins to choose Ubuntu
and not openSUSE. Don't lose any ground on the server market, make use
of Ksplice too.

#2: (bmwiedemann) (2009-10-09 11:37:37)
A presentation at LinuxTag 2009 from the ksplice guys as well as
http://en.wikipedia.org/wiki/Ksplice says, that all security patches
can be made rebootless. Only 12% of 64 studied patches needed manual
extra code (e.g. for updating structure data).
The proper way of distribution would of course also update /lib/modules
and /boot/vmlinuz/initrd but possibly patch the running kernel via a
rpm post-inst script.
I have noted that in the past, openSUSE kernel-updates happened later
than those for Debian and Ubuntu, but often contained several fixes at
a time. I guess, part of this is due to the reboot needed after a
kernel-update, so with Ksplice critical security fixes could reach
users faster.

#3: John Sheehy (jesheehy) (2010-02-10 03:36:17)
Ksplice or similar functionality is critical for production servers,
especially those exposed in the DMZ.
In the future there should never be an excuse that a security patch
didn't get applied since it required a reboot and a maintenance window
wasn't available right away.

+ #4: Jiri Benc (jbenc) (2010-03-24 12:06:24)
+ This is really two requests:
+ 1. Add the ksplice kernel module into the distribution.
+ 2. Provide the kernel updates as ksplice patches (most likely as an
+ alternative to the normal updates).
+ While 1. is easy, I don't see the kernel teams having enough resources
+ for 2. It will require the community to step in; anybody who's
+ interested in doing the work is welcome.
+ That said, 1. does not make sense without 2. If we find somebody who
+ does the work (please speak up if you are interested!), the module can
+ be distributed as a KMP and/or this feature can be reopened.



--
openSUSE Feature:
https://features.opensuse.org/306907

< Previous Next >
This Thread
  • No further messages