On Fri, Mar 25, 2011 at 5:07 PM, Karol Babioch <karol@babioch.de> wrote:
> On 25.03.2011 16:42, Thomas S Hatch wrote:
>> which is why I use the latest kernel on my servers and reboot them a lot becaus
>
> As I'm about to set up some new servers I was thinking about this in the past few days. How does it work out for you?
> Because I don't think that rebooting is an option on servers. If there are running http, mail, dns, etc. service(s) it's not that great to reboot the system.

If your services are only running on one server with no failover (either manual or automatic), you are already vulnerable to such downtimes.

> Could you elaborate on the point you tried to make? Why is a feature frozen kernel/software a potential security issue? As far as I know major security issues get updated, so you just need to reload the modules, don't you? Or am I missing a point here? Because this is what most long term distributions do.

I'm not sure it was implied by Thomas that feature-frozen kernels are a security issue. But as new vulnerabilities are being discovered, even on a feature freeze you need to do security updates.

> As you don't expect a server to be in desperate need of new features and new supported hardware I personally don't think that the latest kernel is needed.
> What do the others think about it?

No. But what I understood from what Thomas said is: as you need to reboot your server anyway from time to time to apply security updates, you may decide to switch to an even more often updated kernel, if your architecture permits it (reboot != service interruption).

--
Cédric Girard