On Tue, 01 Mar 2005 19:56:07 +0100, Arjan van de Ven wrote:
> In practice those ALWAYS change. That's just speaking from experience.
> Fedora doesn't have kernel updates that are "just" minimal security
> fixes.

So I noticed. Right now it's a moot point because there are no patch RPMs, but in future it might be worth making sure the amount you need to download to stay secure is minimal. Otherwise dialup users are going to be immediately left behind and insecure. Something for the future though.

> And even with those it's really hard to not break the internal
> abi (or even to know you didn't break the abi, since there is no abi
> definition or no way to really check it) to the point that it's ALWAYS
> better to just recompile.

An ABI is a precise thing; I see that modversions already bases the checksums on things like struct size (though in my kernels it looks like every symbol changes so maybe it's random too). It should be possible to look at a bugfix and say "Yep that doesn't change the ABI".

There are other types of breaking change which are harder, like 4k stacks, but recompiling doesn't fix them anyway. So it doesn't matter from the module loader's perspective.

> Once you're set up for that, there's no point
> in doing weird hacks for the 1 in 100 where you could avoid the
> recompile; it's then so rare that it becomes REALLY fragile and just
> breaks more than it fixes.

If Fedora's security updates were actually just security updates, and not "fix a security bug and also rebase the kernel to a new patchset" then it wouldn't be rare and fragile. But that's a totally different area of policy I don't want to get into now ....

OK, thanks for explaining this Arjan. I'll consider the matter closed.

thanks -mike
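
The modversions checksums mentioned in the message can be compared across two kernel builds to see which exported symbols changed. The following is an added example, not part of the original message or of any kernel tooling; it assumes whitespace-separated `Module.symvers` lines (CRC, symbol, exporting module), and the CRC values and the `old_helper`/`new_helper` symbols are constructed.

```python
# Constructed sample data: CRC values are made up for illustration.
OLD_SYMVERS = """\
0x1a2b3c4d printk vmlinux
0x22334455 alloc_skb vmlinux
0x0badf00d register_netdev vmlinux
0x5eed1234 old_helper vmlinux
"""
NEW_SYMVERS = """\
0x1a2b3c4d printk vmlinux
0x99887766 alloc_skb vmlinux
0x0badf00d register_netdev vmlinux
0x0c0ffee0 new_helper vmlinux
"""


def parse_symvers(text):
    """Parse Module.symvers content into {symbol: crc}.

    Only the first two columns are used, so extra trailing columns
    found in later kernel versions are ignored.
    """
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # skip blank, short or comment lines
        table[fields[1]] = int(fields[0], 16)
    return table


def diff_abi(old, new):
    """Classify exported symbols as changed, removed or added."""
    return {
        "changed": sorted(s for s in old.keys() & new.keys() if old[s] != new[s]),
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }


def module_still_matches(imports, new):
    """True if every imported symbol keeps the CRC the module was built against."""
    return all(new.get(sym) == crc for sym, crc in imports.items())


if __name__ == "__main__":
    old, new = parse_symvers(OLD_SYMVERS), parse_symvers(NEW_SYMVERS)
    print(diff_abi(old, new))
```

Matching CRCs only cover what the checksum is computed from; changes such as the 4k stacks case raised in the message are outside what this comparison can detect.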