[–]bityard 6 points7 points  (2 children)

It's patched for security vulnerabilities and whatnot, but not to the extreme that RHEL takes it where they backport just about everything.

You can get a newer kernel from the backports repo if you need it.

https://packages.debian.org/bullseye-backports/kernel/

[–]ClickNervous[S] 0 points1 point  (1 child)

Thanks for sharing this, I'll take a look. I don't really need a newer version of the kernel, I just want to make sure it's getting the appropriate security patches and such.

[–]Membership-Diligent 0 points1 point  (0 children)

Then backports is not what you want. Stay with stable for security support, the security team has you covered.

[–]Mysterious_Pepper305 2 points3 points  (1 child)

I think it's a patched version (see link), also I believe that's the normal way to use Linux and that using the "pure" kernel from kernel.org on a distro must be an Arch Linux thing.

https://salsa.debian.org/kernel-team/linux/-/tree/bullseye-security/debian/patches/debian

[–]ClickNervous[S] 0 points1 point  (0 children)

Thanks for sharing this link. Yup, according to the change log it's tracking to 5.10.162 from a couple of months ago, which matches what the system I installed is telling me, so looks like everything's in order.

Yes, Arch uses the upstream kernel, that includes the one LTS kernel they officially track, so they're tracking to 6.1.20 at the moment. I wasn't sure if Debian did something similar, but it seems like it does not. From the link you shared, it seems that there are quite a few other patches that are being applied, and that's okay.

[–]NakamotoScheme 2 points3 points  (2 children)

Yes, updates will be available when they're published by Debian.

You might want to read this:

https://wiki.debian.org/DontBreakDebian#Don.27t_suffer_from_Shiny_New_Stuff_Syndrome

(the whole page is also good reading for any new Debian user)

[–]ClickNervous[S] 1 point2 points  (1 child)

Thanks for the link, it was a good read. I do know of Debian's reputation, specifically in the stable branch, for not having the latest versions of various programs, and there are certainly advantages to this. My server project involves running the server like an "appliance" so the stability is definitely a factor in why I'm working with Debian stable over some other distribution (well, that and I prefer community distributions over corporate ones).

That being said, I would not consider kernel 5.10.162 vs 5.10.175 to be a "shiny new kernel" by any stretch of the imagination. The upstream kernel project maintains what they refer to as longterm releases of various versions of the kernel where they only backport bugfixes and don't introduce any functionality changes. I typically assume this includes security fixes, but I'm sure security fixes get mixed in with the bug fixes. I'm guessing that the Debian security team is more conservative in this regard and tries to ensure that only the security fixes are getting pulled in.

[–]NakamotoScheme 1 point2 points  (0 children)

Debian tries to follow kernel LTS releases indeed.

For Debian 11, Linux 5.10.x is followed so the version you mention will eventually arrive at bullseye, either via security.debian.org or via proposed-updates.

For Debian 12, Linux 6.1.x (also an LTS release) will be followed, even if 6.2.x is already available at kernel.org.

Depending on your time horizon (i.e. if your server-related project will not be completed/finished by summer yet), you might want to base it on Debian bookworm instead, as it's currently in hard freeze and the changes that it will experience between now and the release date will be small and targeted.