On 11/30/06, Mario Bischof <[EMAIL PROTECTED]> wrote:
[...] I always thought using custom xen kernels is better for security?
Security is a process, not using a product - this also goes for choice of kernels or configurations. Custom kernels can only be more secure if you take care of it a lot and have a lot of knowledge. The Xen developers don't provide security updates and fixes, and don't say a word if you ask them about it. I get the impression they don't see themselves as providers of software for end-users, but see this task on the side of the distribution developers - but thy did not confirm this yet - no comments on xen-devel on questions about security updates. So, security-wise it's safer to use the Debian Xen Kernels, because they do security releases, and bring the xen Linx patches to newer Kernel versions. Still, I build my own, but i use it mostly for FAI development and experimental stuff. In that case, it's good to have separate dom0 domU Kernels, cause when I only change the domU Kernel, rebuilding it is a lot faster than building the kernel with all modules for my machines.
. Well, does the standard xen-kernel from debian also provide HVM support for using win xp?
The Xen Linux Kernel doesn't need or have hvm features - it's only in Xen itself. The xen packages from Debian support hvm, you need to install the xen-iommu package as well. ( and some others, but this is excessively handled in xen-users, no topic for this list.#
does it include tun/ tap device support for creating openVPN domains?
Not sure, look into the config file... Henning