yum wants to remove my kernels, why?

Arjan van de Ven arjan at fenrus.demon.nl
Sun Jan 22 17:04:58 UTC 2006


On Sun, 2006-01-22 at 16:52 +0000, Timothy Murphy wrote:
> On Monday 16 January 2006 16:12, Jeff Spaleta wrote:
> 
> > > but in my view the default should be to keep the current, working kernel
> > > as the default (as I believe it used to be).
> >
> > This makes for a very poor default for systems managed by novice Fedora
> > users. Novice users may not realize that they need to reconfigure their
> > grub to take advantage of a security update kernel. It's very important that
> > the default configuration is one that makes booting into security
> > kernel updates as automatic as possible. For people with enough
> > experience using Fedora to competently manage multiple remote systems,
> > the configuration file /etc/sysconfig/kernel can be used to disable
> > this default.
> 
> I still think it is a bad idea to install the new kernel automatically.
> The worst thing that can happen for a newbie
> is that he turns on his laptop and it doesn't work.

The alternative sucks just as much: there's a severe security hole and
the user thinks he's safe because he enabled the yum cronjob.
(In your "turn on the laptop" scenario you boot often enough that
running the stale kernel isn't an issue; it can be in other
circumstances.)

To be honest, the kernel breaking shouldn't happen too much. And as long
as there is a known working kernel also in grub the damage is less than
that of a severe break-in. So I'm arguing for a secure default versus
the "has a small chance of breaking" trade-off you make into the other
direction.

I think choosing for secure is the right approach. It's hard enough to
get people to apply security updates (hey this should be asked in
firstboot: "Enable automatic (security) updates?"); but if they do then
it'd suck to then give them only a false sense of "I'm secure because
I'm updated".



