KSplice in Fedora?

Bill McGonigle bill at bfccomputing.com
Tue Jun 30 17:04:50 UTC 2009


On 06/30/2009 11:59 AM, Bryn M. Reeves wrote:
> I do think that the applicability of this tool to a
> distribution like Fedora is probably a lot less than it would be for
> e.g. one of the "enterprise" distributions for the simple fact that end
> users who are particularly intolerant to reboots are likely already
> looking for a platform with a longer release and support cycle and
> stronger (i.e. commercial) support guarantees.

One could use the same premise to make the counter-argument.  We already
have a hard time getting Fedora used widely across enterprise
environments - the easier we make it, the better our user base becomes.
 Critical security updates without reboots is a powerful enticement.

> Fedora users who just want quicker reboots can always make use of kexec.
> Along with the boot time improvements in recent releases that should
> make installing and booting a new kernel pretty quick (apart from the
> inconvenience of shutting down applications).

The parenthetical is the actual reason people don't like to reboot and
may ignore security updates.  Boot times are trivial in comparison to
restoring one's application state, for anything beyond the most trivial
of use cases.

Kevin makes a really good point about the succession of kernels and
security updates.  With enough ksplice updates, you have to maintain
something on the order of n! kernels.  To actually implement this for
Fedora, there would probably have to be practical cut-off requirements.
 For instance:

ksplice updates are only available for:

1. kernels that have been the lastest kernel in the past two weeks
2. kernel updates that are remotely exploitable
3. kernel updates that rate 'high' on CVSS

I'd have to do more research to be sure, but just guessing this feels
like 0-4 candidates per Fedora release cycle.

-Bill

-- 
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
http://www.bfccomputing.com/    Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle   Page: 603.442.1833
Email, IM, VOIP: bill at bfccomputing.com
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf




More information about the fedora-devel-list mailing list