I have an installation that has run quite well, and have been running regular upgrades on the system. However, it did not dawn on me until now that I should have installed a custom kernel after installation, let alone compiled my own.
However, it is rather unfortunate that at a time where probably a record number of individuals are wondering about kernel issues, the Kernel HOWTO has been removed from the site without any further clarifications.
I think that to alleviate the fears of this group of users, a step-by-step guide should be made available on www.debian.org and/or security.debian.org describing the steps to be taken to:
- Determine if user systems are afflicted by the kernel exploit
- Rectify the issue, possibly by updating the kernel
Such a guide should list a recommended kernel version for a stable Debian installation, and should preferably not advice users to "roll their own kernels", since many users have no desire to start such explorations as a response to this issue.
I believe that this issue has caused serious doubts for many users about the possibility of running a typical secure linux server with medium sysadmin skills. As I gather, running "apt-get upgrade" is not sufficient to patch a vulnerable system for this exploit, meaning that the method recommended for "Keeping your Debian system secure" on security.debian.org is insufficient.
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]