Hello, as you can see we have K_SECURITY_UNSUPPORTED=1 for vanilla-sources. It is true but since when there are serious vulnerabilities, upstream is pretty active with the release(s) on each version, could we improve the message to explain that security does not support vanilla-sources but it is enough to stay always at the latest minor/maintenance version? Thanks.
IMO, it's never enough. In fact, we sometimes add a patch to gentoo-sources that hasn't yet made it to vanilla.

That said, I'm absolutely willing to try to improve the text if you think it might help.

How about adding:

"Upstream kernel developers recommend always running the latest release of any current long term supported Linux kernel version. To see a list of these versions, their most current release and long term support status, please go to https://www.kernel.org."

I hope someone can word this better
(In reply to Mike Pagano from comment #1)
> IMO, it's never enough. In fact, we sometimes add a patch to gentoo-sources
> that hasn't yet made it to vanilla.

When there is an important vulnerability, upstream immediately releases the patched versions.

> That said, I'm absolutely willing to try to improve the text if you think it
> might help.
>
> How about adding:
>
> "Upstream kernel developers recommend always running the latest release of
> any current long term supported Linux kernel version. To see a list of
> these versions, their most current release and long term support status,
> please go to https://www.kernel.org."
>
> I hope someone can word this better

The text is great. LGTM
Author: Mike Pagano <mpagano@gentoo.org>
Date: Sun Mar 5 16:41:52 2017 -0500

kernel-2.eclass: Add some additional text to bring some additional notice to users about the security considerations of a specific kernel and direct them to the upstream website for further information. See bug #599454