On Mon, Jan 16, 2006 at 12:48:33PM -0600, Josh Boyer wrote: > I agree that kernels in extras is not a good idea. However, you have the > same security issues with kernel _modules_ in extras. Think OpenAFS > security issue, etc. With modules its less of a concern, as that usually means on the day it gets fixed upstream, a maintainer can respin a package with the fix-de-jour. For a kernel however, it's a lot more painful, as it a) takes longer to build b) takes longer to test (sometimes security fixes have knock-on consequences which can have dire consequences, such as being unable to boot in certain configurations) c) requires every kernel module package to need to be rebuilt too. > And don't think for a second that the same users you are talking about > won't file bugs against "kernel" for something that is really and extras > module issue. People see and oops and immediately think "Kernel bug!". I > fight that issue on a daily basis. It's already happening, though with modules it's less of an issue, because users in general will try and reproduce it without it loaded. If they encounter an issue with a -extras kernel however, and I asked them to reproduce it on a -core kernel, I'd put money on the majority of those bugs going silent, until they autoclose at end of life. Once people start using non-standard functionality, they become dependant on it, and are reluctant to switch to what they percieve as an 'inferior' solution. > Davej, I sympathize with you but you might want to start making "What > kernel module packages from Extras do you have installed?" a standard > question in your bug reports. In the cases of oopses, I already get that info. It's the non-oops bug-reports that are a problem, and asking users at times isn't a sure-fire way to find out. I've seen reports where users have claimed never to have loaded a binary module, and have editted out the 'tainted' part of a kernel oops, despite leaving other telltale signs that they had in fact loaded vmware, nvidia etc.. Dave -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
