On Sun, 2006-01-22 at 16:52 +0000, Timothy Murphy wrote: > On Monday 16 January 2006 16:12, Jeff Spaleta wrote: > > > > but in my view the default should be to keep the current, working kernel > > > as the default (as I believe it used to be). > > > > This makes for a very poor default for systems managed by novice fedora > > users. Novice users may not realize that they need to reconfigure their > > grub to take advantage of a security update kernel. Its very important that > > the default configuration is one that makes booting into security > > kernel updates as automatic as possible. For people with enough > > experience using Fedora to competently manage multiple remote systems, > > the configuration file /etc/sysconfig/kernel can be used to disable > > this default. > > I still think it is a bad idea to install the new kernel automatically. > The worst thing that can happen for a newbie > is that he turns on his laptop and it doesn't work. the alternative sucks just as much: there's a severe security hole and the user thinks he's safe because he enabled the yum cronjob. (in your "turn on the laptop" scenario you boot often enough that running the stale kernel isn't an issue, it can be in other circumstances. To be honest, the kernel breaking shouldn't happen too much. And as long as there is a known working kernel also in grub the damage is less than that of a severe break-in. So I'm arguing for a secure default versus the "has a small chance of breaking" trade-off you make into the other direction. I think chosing for secure is the right approach. It's hard enough to get people to apply security updates (hey this should be asked in firstboot: "Enable automatic (security) upadates?"); but if they do then it'd suck to then give them only a false sense of "I'm secure because I'm updated". -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list