On 07/01/2009 01:48 PM, Jochen Schmitt wrote: > > On Fedora we have kernels from the 2.6.27 and from the 2.6.28 series. > This means, that you have to create seperates kernel patch modules for > each kernel release which was submitted for Fedora-10. This is why I suggested it would be practical to set a bar. The example I gave was a kernel which was the latest kernel in the past two weeks. This would usually be one, occasionally two. For a sysadmin, it's pretty easy to schedule a reboot within two weeks. '-r now' can be impossible. > The reseason to do it, is that ksplice is not able to handled patches, > which may change global data structures. Have there been remotely exploitable and/or CVSS 'high' kernel problems for which the patches need to change global data structures? Perhaps I'm just unaware of them. Besides this, Jon Masters' post says ksplice can handle this (unless I'm misunderstanding his post). Even though it can, if a bar as set above were set, Fedora wouldn't need to. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/ Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: bill@xxxxxxxxxxxxxxxx Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
