Hi, 2018-02-26 15:16 GMT+01:00 Greg KH <greg@xxxxxxxxx>: > On Mon, Feb 26, 2018 at 02:15:53PM +0100, Piotr Figiel wrote: >> 2018-02-24 16:50 GMT+01:00 Greg KH <greg@xxxxxxxxx>: >> > Also note that the 4.1 kernel is very old and obsolete and insecure, and >> > should NOT be used for any devices in the year 2038. >> According to kernel.org website 4.1 has projected EOL in May 2018. > Yes, 3 months from now. >> Is the information about kernel releases on kernel.org irrelevant/ >> shouldn't be trusted? Or my understanding of longterm kernel trees is >> incorrect? > No, it is correct, but note that since 4.1.y is about to be end-of-life, > it is receiving very few updates. No new device should be considering > to use it for their kernel version because it will not be supported very > soon now. Yes, that's clear. I'm just concerned a bit that you wrote that 4.1 is already insecure (while it's stated on kernel.org that it's currently supported). I just wonder where is the boundary as to one can expect the kernel to still get the security updates. Is there a consensus about a reliable source of information which kernels get fixes for certain security issues? Or is sticking with the most recent /stable/ kernel the only recommended approach? Commit messages often didn't mention any CVE or didn't indicate clearly a security problem so it's pretty hard to track it (semi-manually or automatically or without going in depth into commit details). Thanks, Best regards, Piotr. _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
