[gull] [SPAM] Re: [SPAM] Re: Abus réseaux

Philippe Strauss philippe at straussaudio.ch
Sat Aug 24 18:08:45 CEST 2024


...

The pair then shifted gears into security. Hohndel brought up the huge 
number of Common Vulnerabilities and Exposures (CVE) in the Linux 
kernel. This isn't because Linux is insecure. Torvalds replied, "Bugs 
will happen, and anything can be a security bug if somebody is clever 
enough to just figure out how to abuse it."

Torvalds continued, "One reason why I stress that all security issues 
are just bugs is that there's this tendency in the IT industry to treat 
security issues as something really, really, really special, and that 
actually ends up harming everybody."

So, what should you do about the constant weekly flow of Linux security 
bug fixes? Greg Kroah-Hartman, the maintainer of the Linux stable 
kernel, thinks you should constantly update to the newest, most secure 
stable Linux kernel. Torvalds agrees but can see the case for sticking 
with older kernels and relying on less frequent security patch 
backports.

Torvalds said, "There is some stability with old kernels, and we do 
backport for patches and fixes to them, but some fixes get missed 
because people don't think they're important enough, and then it turns 
out they were important enough."

Besides, if you stick with an old kernel for too long when you finally 
need to update to a newer one, it can be a massive pain to do so. So, 
"to all the Chinese embedded Linux vendors who are still using the 
Linux 4.9 kernel," Torvalds said, wagging his finger, "Stop."

In addition, Hohndel said that when patching truly ancient kernels, the 
Linux kernel team can only say, "Sorry, we can't help you with that. It 
was so long ago that we don't even remember how to fix it."

...

On Sat, Aug 24 2024 at 06:01:26 PM +02:00:00, Philippe Strauss via gull 
<gull at forum.linux-gull.ch> wrote:
> Discussion de Linus notamment au sujet des fix de sécurité aux 
> différentes versions du noyau:
> 
> https://www.zdnet.com/article/linus-torvalds-talks-ai-rust-adoption-and-why-the-linux-kernel-is-the-only-thing-that-matters/




More information about the gull mailing list