On Sat, Jan 4, 2020 at 3:13 PM Christopher Head <ch...@chead.ca> wrote: > > > Of course this would be a bad argument if V-S were lagging behind upstream > significantly, and it’s a much better argument for packages that come with > expectations of security team support than those that don’t, but it is > something to consider. >
This was my main concern when it was mentioned that it wasn't security-supported. If it is always up-to-date that definitely helps mitigate things. Though, there should definitely be some kind of warning on the package that it isn't security supported. Even if it is up to date it won't get GLSAs and GLSA-checker won't work. Though, that really only makes a difference insofar as the GLSAs are also timely. In any case, if the just-announced distribution kernel project takes off and remains active I could easily see that becoming the most commonly used kernel option. I'm not knocking minimal kernels but I suspect a LOT of users are going to be well-served by a modular kernel that just works 99% of the time. -- Rich
