suspend/hibernate on desktops
davej at redhat.com
Mon Jan 16 19:49:33 UTC 2006
On Mon, Jan 16, 2006 at 12:48:33PM -0600, Josh Boyer wrote:
> I agree that kernels in extras is not a good idea. However, you have the
> same security issues with kernel _modules_ in extras. Think OpenAFS
> security issue, etc.
With modules its less of a concern, as that usually means on the day
it gets fixed upstream, a maintainer can respin a package with the
fix-de-jour. For a kernel however, it's a lot more painful, as it
a) takes longer to build
b) takes longer to test (sometimes security fixes have knock-on
consequences which can have dire consequences, such as being
unable to boot in certain configurations)
c) requires every kernel module package to need to be rebuilt too.
> And don't think for a second that the same users you are talking about
> won't file bugs against "kernel" for something that is really and extras
> module issue. People see and oops and immediately think "Kernel bug!". I
> fight that issue on a daily basis.
It's already happening, though with modules it's less of an issue,
because users in general will try and reproduce it without it loaded.
If they encounter an issue with a -extras kernel however, and I asked
them to reproduce it on a -core kernel, I'd put money on the majority
of those bugs going silent, until they autoclose at end of life.
Once people start using non-standard functionality, they become
dependant on it, and are reluctant to switch to what they percieve
as an 'inferior' solution.
> Davej, I sympathize with you but you might want to start making "What
> kernel module packages from Extras do you have installed?" a standard
> question in your bug reports.
In the cases of oopses, I already get that info. It's the non-oops
bug-reports that are a problem, and asking users at times isn't
a sure-fire way to find out. I've seen reports where users have
claimed never to have loaded a binary module, and have editted
out the 'tainted' part of a kernel oops, despite leaving other
telltale signs that they had in fact loaded vmware, nvidia etc..
More information about the fedora-devel-list