Don’t wait another minute
If you’re not using the latest kernel, you don’t have the most recently added security defenses (including bug fixes). In the face of newly discovered flaws, this leaves systems less secure than they could have been. Even when mediated by careful system design, proper threat modeling, and other standard security practices, the magnitude of risk grows quickly over time, leaving vendors to do the calculus of determining how old a kernel they can tolerate exposing users to. Unless the answer is “just abandon our users,” engineering resources must be focused upstream on closing the gap by continuously deploying the latest kernel release.
This is a topic @khem and I have been discussing and are leaning toward the same conclusion. This is one reason Yoe has monthly releases and simply tracks the latest bits in oe-core and various layers.
This is another reason why I really like Arch Linux – the focus is put on keeping HEAD integrated and stable instead of backporting changes – there is much less wasted effort and the overall experience is better. I’m not running Arch on my cloud servers yet, but based on my experience with workstations and laptops, I see no reason not to – wish DO or Linode would provide images …