On Sun, Mar 04, 2018 at 10:14:58PM -0500, Ruben Safir wrote: > Advice? Who am I to give advice? On the face of it, I would say they > need to harden the kernel base release. But I am not qualified to give > anyone advice. If a kernel can't be reasonably secure in a 2 year > period, as a consumer I can only be unhappy about it and a bit dismayed. Be dismayed, the state of computer security is not there yet, sorry, and it's doubtful that it ever will be (although it keeps getting better...) But seriously, if you have a system that is exposed to the world, you have to change it all the time as the world changes. You don't live in a bubble of a stable ecosystem, no one does. Ok, yes, there are some systems that do. Take for example two of my most favorite examples of the use of Linux: - ballast stabilizer for super-mega-yachts - automatic cow milking machines The first one does not interact with the world in a manner that it needs to be updated regularly, if ever, as communication from it to the kernel comes in through a known "good" channel (i.e. the on-board ship network which had better be firewalled from the world...) Same for the second one. Both of them interact with the physical world very directly (some might say more directly than your laptop or phone), but both do not interact with the digital world much, if at all. And that's the key here. Just keep your systems updated, it's really simple. If you can't do that, then prepare to have those systems be full of known security issues very very quickly. As someone said at a conference recently when they asked the audience about the longest uptime for any of the attendees systems (which turned out to be about 5 years.), "How many security issues were those systems vulnerable to over that period of time? All of them." good luck! greg k-h _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
