Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday April 13 2015, @03:00PM   Printer-friendly
from the year-of-linux-on-the-quark dept.

El Reg has noted:

Torvalds looses neatened number [release featuring] non-disruptive patches, Z13 support, and more.

[...] The new number isn't a sign of a major upgrade. As we've chronicled, Torvalds thinks that it looks a bit silly when version numbers go beyond x.19.

As the Benevolent Dictator for Life says in his post at the kernel mailing list:

since rc7 [...] It's mainly driver fixes (media, sound, pci, scsi target, drm, thermal..), misc arch updates (nios2 and x86), and scattered fixes elsewhere. Really not a lot during the last week.

After you folks hammered on the 7 release candidates and gave the kernel team bug reports, any drama seems to have been wrung out.

We previously discussed the never-need-to-reboot patching feature that has now been incorporated into the kernel.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by maxwell demon on Tuesday April 14 2015, @06:55PM

    by maxwell demon (1608) on Tuesday April 14 2015, @06:55PM (#170494) Journal

    But weren't all the recent Linux security problems using signed packages?

    Do you have any indication that those were malicious code, rather than ordinary bugs? And anyway, if you get your malicious code into the Linux kernel, then it is irrelevant whether you have to reboot to activate it; people installing new kernels will reboot for sure.

    And wasn't kernal.org hacked at least once?

    I trust the kernel developers to not be so stupid to store their private key on a publicly accessible server.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by frojack on Tuesday April 14 2015, @10:00PM

    by frojack (1554) on Tuesday April 14 2015, @10:00PM (#170579) Journal

    I trust the kernel developers to not be so stupid to store their private key on a publicly accessible server.

    From what I can tell, its a secret or a mystery even to this day.
    http://arstechnica.com/security/2013/09/who-rooted-kernel-org-servers-two-years-ago-how-did-it-happen-and-why/ [arstechnica.com]

    The self-injecting rootkit known as Phalanx had access to a wealth of sensitive data, possibly including private keys used to sign and decrypt e-mails and remotely log in to servers. A follow-up advisory a few weeks later opened the possibility that still other developers may have fallen prey to the attackers.

    I haven't been following this real close.
    I mention it only because signing code is not all that big of an insurance against dangerous code being discovered and used years later.

    As an example, some of my Linux machines were vulnerable to shell shock, but others (older versions) were vulnerable. Had those older ones been on auto update they would have been vulnerable as well.

    Take consumer routers. Most of these run some version of linux, and most of which never get an upgrade after they are installed, auto updating kernels could be good. But because nobody ever checks router logs who knows what might sneak into an update only to lie in wait for months.

    Not trying to be alarmist, but auto updates might be exploited for evil.

    --
    No, you are mistaken. I've always had this sig.