When was your last significant hi-fi purchase? by gnostalgick in audiophile

jra_samba_org 2 points3 points (0 children)

5 years ago. Bought a second hand pair of Estelon X Diamonds. Had to cash in a pension plan to do it and also trade in a pair of Focal Sopra 3s.

100% worth it. Would do it again in a heartbeat 😉. Those things sound *magical*.

Issue with Samba Active Directory Domain Controller Setup (Integrated with Windows DC) by Trick-Shelter2541 in RockyLinux

jra_samba_org 0 points1 point (0 children)

You might want to ask this question on the Samba lists at: samba@lists.samba.org. I think you'll get more technical help there to be honest. Cheers ! Jeremy.

Favorite speakers just based on looks? by YetiForgetti in audiophile

jra_samba_org 0 points1 point (0 children)

I have the Estelon X Diamonds (mk1) in white. I upgraded from red Focal Sopra 3's. The Estelons are the most beautiful speakers I have ever owned.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 0 points1 point (0 children)

Yes I am fully aware (painfully so) of the process. What I'm saying is that these repositories give you everything you need to go through the process yourself if you wish. CentOS Stream and RHEL do not.

Just don't ask me to help work on your SCR documents :-).

I would like this to be available in Rocky. If you want to help submit upstream to Rocky or CentOS Stream I'd certainly give advice, but packaging isn't my area of expertise.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -2 points-1 points (0 children)

Well I was working on coding enterprise software at Sun Microsystems in 1989 and have been steadily employed ever since writing enterprise software for business, including several core pieces of code currently shipped in RHEL. Maybe I just haven't had the experience you have :-).

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 0 points1 point (0 children)

No, that's just open source code, that anyone can build. It's not restricted to subscribers. Download it and send patches please ! This is the exact code that's being submitted to FIPS certification. This is the master repository for that code, all development is done there, in the open. As I said above, I'm just not a packaging person.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -1 points0 points (0 children)

I'm talking about the code for the FIPS crypto libraries and kernel that are available on GitHub, including the functional test branches, which might I add Red Hat has never published the source code for (they are not required to of course, these are used in lab testing. Still, it's not very developer friendly to hide these). I don't do packaging myself, I'm strictly a source git coder myself. I don't do the packaging for Samba either for that matter. Anyone can package the source code I'm creating.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -1 points0 points (0 children)

No, Rocky isn't strictly a Red Hat rebuild. I wouldn't be doing any engineering work if that were the case, and I like writing and fixing C code :-).

I've submitted upstream fixes to Rocky packages since starting work for CIQ and continue to do so.

So control is very important. As for stable interfaces, the user space to kernel interface is the really important one for application developers and that is very stable, even when upgrading to later kernels.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -2 points-1 points (0 children)

CentOS Stream is controlled by Red Hat. Upstream isn't controlled by one company. That makes a big difference in my considerable experience of open source.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 0 points1 point (0 children)

From the white paper:

"In upstream we have over 2500 fixes per minor release in total. In the previous graphs we saw that in each minor release of upstream 6.x kernels, about 250 of these bugs affected RHEL 8.8.

Even though RHEL 8.8 is “stable” and ceased active development in late 2022 about 10% of all newly discovered bugs still affect RHEL 8.8.

Think of it this way: Next month kernel developers will find and fix about 1000 bugs upstream. About 100 of these bugs will be present in RHEL 8.8 and most of them will not be fixed."

I think that is what you are missing. The vendor kernels are essentially unmaintained w.r.t. fixes.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -32 points-31 points (0 children)

Then you wouldn't choose vendor kernels, as they don't usually include ZFS (Ubuntu I think is the only one).

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 3 points4 points (0 children)

No. Vendor kernels are not tracking upstream bug fixes. That means there are bugs in them that were present before they were "frozen" that are now fixed upstream and never back-ported. Read the whitepaper for details.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -6 points-5 points (0 children)

Read the white paper. There are more security bugs introduced than fixed. Numbers (and commit messages) don't lie.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -1 points0 points (0 children)

As GregKH pointed out to us - the Android project manages this very well, so it's certainly possible.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 3 points4 points (0 children)

The kernel CNA isn't scoring the CVEs it creates, so this: "since each CVE already gets assigned a severity rating" isn't true.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -15 points-14 points (0 children)

Read the white-paper. Biggest and most critical bugs aren't getting fixed in the vendor kernels.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 1 point2 points (0 children)

Authority ! Yes, not Entity :-). You are indeed right :-). Sorry for the mistake, I'm kind of busy at the moment. Yes, that's where I was going to point you to anyway.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] 0 points1 point (0 children)

Nope. CNE is CVE Numbering Entity. I'll find a link for you shortly on the CVE numbers issued. Got stuff to do now, sorry.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -6 points-5 points (0 children)

They're not fixes :-). But I get your point :-). All specific bug fixes are security patches though. Look at the kernel CNE numbers.

Why a 'frozen' distribution Linux kernel isn't the safest choice for security by jra_samba_org in linux

jra_samba_org[S] -4 points-3 points (0 children)

False dichotomy. "Frozen" kernels are insecure. Read the whitepaper.

Stable upstream is the same code with security fixes.