Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6268

Re: Upcoming changes to Debian Linux kernel packages

From herve <herve@couvelard.com>
Newsgroups linux.debian.security
Subject Re: Upcoming changes to Debian Linux kernel packages
Date 2023-10-03 20:40 +0200
Message-ID <HkStj-dj13-3@gated-at.bofh.it> (permalink)
References (3 earlier) <HhJFT-blI5-1@gated-at.bofh.it> <Hk1yF-cMnw-1@gated-at.bofh.it> <HkOJ3-dgNl-3@gated-at.bofh.it> <HkPvr-dhja-3@gated-at.bofh.it> <HkR4d-dijv-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

e 03/10/2023 à 19:06, Bjørn Mork a écrit :
> herve <herve@couvelard.com> writes:
>
>> concerning the linux-headers. may i explain what happend to me.
>>
>> I reinstalled a debian 11.6 some months ago. and last week i had to
>> make virtualbox functioning again. it had to "compile" some kernel
>> modules and need some "headers". my kernel (from the install is
>> 5.10.0-23-amd64 #1 SMP Debian 5.10.179-3 (2023-07-27) x86_64
>> GNU/Linux) so virtualbox need some 5.10.0-23 headers... you can find
>> 5.10.0.20, 5.10.0.22,  5.10.0.25 in the repos from where the install
>> came from.
>>
>> I had to surf the web and find a 5.10.0.23 in the web site of an
>> university and wget it to dpkg -i it.
> No, you didn't.  You could, and should, simply update the kernel with
> the latest security fixes, and then install the matching headers from
> the same repo.
>
>> I do not know (maybe i could not even understand) the security
>> reasons/problems of the headers versioning but it seems from my
>> end-user point of view that, the actual situation that lend me to
>> download from a website is the worst possible solution.
> Running out-of-tree kernel code means that you can't use the security
> card.  Sorry.
>
>
> Bjørn

Bjørn

thank you for your answer.

I remember that linus had the aim to be the less annoying for the 
user-expérience. I can understand _your_ point of view to have the 
"kernel-three-code" and the "security" card things. the fact is i didn't 
choose neither testing, neither sid but stable. And in my experience 
upgrading kernel is not always smooth. so I used to keep the same 
kernel, until it is important to change, and i have time to do it. Not 
when i have to run a wm to finish a job.

It is, from my point of view a "geek" stuff to "delete" the packages 
from the repos. _you_ think I _must_ upgrade my kernel. OK. But if it 
was so simple their would not have theses messages on the list. When i 
tried to install the headers i had no message i should upgrade, just the 
packages were not existing (the same that if there was was a typo). So i 
surfed the web to find it. How could i know that i _should_ upgrade to 
benefit the right to get some headers ? If i installed them in the same 
time as the kernel, i would have them already : which differences in 
terms of security (installed in july - installed in september) ?

I just want to  point, that i didn't initiate a thread to complain, i 
just  share my experience on an existing thread about headers and 
security. i was not shamming security or else. i was just saying that 
the politic to improve security pushed me to download from the web 
instead of the repos. is the solution worse than the disease ? I use 
linux on the desktop for almost 25 years, red hat, then fedora, then 
debian and that never happened until last week. I was thinking that the 
difference between free software and proprietary one is the possibility 
for free software user to upgrade when _they_ want and not when the 
_supplier_ decide they should. and suppress headers is _forcing_ user to 
upgrade.

So to conclude, my experience is not a way to propose or impose a 
solution but to point that there are sometimes between chair and screen 
some "normal" persons that just want things to run. If the solution 
proposed by virtualbox (install headers, naming them) could not 
function, they will install something else. And, if i find alone the 
solution by some little experience, lots of people won't. Of course you 
are right about "Running out-of-tree kernel code" but that would not 
help them.

Linux is not so easy, maybe it is not a good idea to had some 
complications. if a kernel is so rapidly "out-of-tree" why let it in the 
"stable" distribution ?

my 2 cents.

hervé

ps : i really understand your point of view, i just want to say it is 
not in the 10 commandments

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Bug#1040901: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-09-24 15:10 +0200
  Re: Upcoming changes to Debian Linux kernel packages Andreas Beckmann <anbe@debian.org> - 2023-09-24 23:20 +0200
    Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-09-25 01:10 +0200
      Re: Upcoming changes to Debian Linux kernel packages Andreas Beckmann <anbe@debian.org> - 2023-09-25 04:40 +0200
        Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-01 12:10 +0200
          Re: Upcoming changes to Debian Linux kernel packages Michel Verdier <mv524@free.fr> - 2023-10-01 12:20 +0200
            Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-01 13:50 +0200
              Re: Upcoming changes to Debian Linux kernel packages Michel Verdier <mv524@free.fr> - 2023-10-01 16:40 +0200
          Re: Upcoming changes to Debian Linux kernel packages Sam Hartman <hartmans@debian.org> - 2023-10-03 16:40 +0200
            Re: Upcoming changes to Debian Linux kernel packages herve <herve@couvelard.com> - 2023-10-03 17:30 +0200
              Re: Upcoming changes to Debian Linux kernel packages Bjørn Mork <bjorn@mork.no> - 2023-10-03 19:10 +0200
                Re: Upcoming changes to Debian Linux kernel packages herve <herve@couvelard.com> - 2023-10-03 20:40 +0200
            Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-03 19:50 +0200
              Re: Upcoming changes to Debian Linux kernel packages Adrian Bunk <bunk@debian.org> - 2023-10-03 22:00 +0200
                Re: Upcoming changes to Debian Linux kernel packages Robert Nelson <robertcnelson@gmail.com> - 2023-10-03 22:10 +0200
                Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-05 08:30 +0200
                Re: Upcoming changes to Debian Linux kernel packages Sam Hartman <hartmans@debian.org> - 2023-10-05 16:10 +0200
                Re: Upcoming changes to Debian Linux kernel packages Russ Allbery <rra@debian.org> - 2023-10-05 17:30 +0200
                Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-26 14:00 +0200
              Re: Upcoming changes to Debian Linux kernel packages Andreas Beckmann <anbe@debian.org> - 2023-10-04 00:00 +0200
                Re: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-05 08:10 +0200
  Bug#1040901: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-05 21:30 +0200
  Bug#1040901: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-07 17:00 +0200
    Bug#1040901: Upcoming changes to Debian Linux kernel packages Bastian Blank <waldi@debian.org> - 2023-10-27 11:00 +0200

csiph-web