On Sunday 08 November 2009 23:20:31 Stroller wrote: > > You really need to learn to make your own kernel. ... > > Whilst I agree in principle that a good (slim?) kernel is better and > your comments on that, I am sceptical whether the majority of people > have the knowledge to make any significant performance or security > improvements. > > AIUI the kernels shipped by distros like Red Hat, for instance, are > configured by the very people that work on and maintain the mainline > kernel tree. How can any of us simple end-users compete with that? > > I imagine it to be very easy for any of us normal people to enable or > disable options that make significant performance impact - but we > would never know it, because we're not benchtesting it or even > qualified to assess proper benchtests. > > I cannot believe that in a day you could study this subject > sufficiently to have any reasonable competence on the matter. And thus > if you do spend only a day, that's wasted time. I would add that the > kernel is evolving constantly, and in a year's time your knowledge - > and your .config - is likely to be at least somewhat outdated. > > I chose to copy the .config from Knoppix because it's easy to get hold > of that, but also because it's selected by someone who knows more than > me, and it is likely to work with any hardware I install into my > machine or connect by USB. I take Volker's point that a LiveCD .config > could be the worst possible choice so I'm open to alternatives, but > I hope those who say I should "learn to make your own kernel" > appreciate my points over how effectual that will be - sure, I can > delete my .config and start again with `make menuconfig` and I can go > through every option and read the help, and I'm sure I'll get just as > good results as 80% of the people on this list, but I just don't know > that that's much of an answer.
You are reading way more into the subject than is actually there. Red Hat employees do work on mainline and do write kernel code. But finding a bug, writing new code and fixing security exploits are very different activities to simply configuring the code that is there. And that is what RH do - they take the code that is already there, apply whatever backport and experimental patches suits their distro, then go through menuconfig switching some things on and some things off. Their needs are different to yours - they need their kernel to run on just about any hardware on the planet, so they build a horrendously complex initrd with support for every known boot device, then build every module that even half-way works. And also enable every known kernel sub-system (because someone somewhere is going to use it). By your analogy, you might consider Red Hat more qualified than you to decide if you should build an MTA with or without LDAP support. Which is of course patently ridiculous - if you know you need LDAP then you need it. Otherwise you don't (and this is not a security issue, it's a features issue) If you configure your own kernel, you only need build the bits you use. The sole benefit for a Gentoo users to using a custom distro kernel is support for things not in mainline (like some entire FibreChannel product ranges out there). But please note that even if you copy an RH .config, you do not have those patches to hand so you will not get those extra features. Unless you patched the ebuild yourself, in which case you are already au-fait with building a kernel and we would not be having this discussion. In summary, I hear your reasoning and understand your concerns. But it is flawed and you are worried about something that is not actually there. -- alan dot mckinnon at gmail dot com
