This is a multi-part message in MIME format.
e 03/10/2023 à 19:06, Bjørn Mork a écrit :
herve <herve@couvelard.com> writes:
concerning the linux-headers. may i explain what happend to me.
I reinstalled a debian 11.6 some months ago. and last week i had to
make virtualbox functioning again. it had to "compile" some kernel
modules and need some "headers". my kernel (from the install is
5.10.0-23-amd64 #1 SMP Debian 5.10.179-3 (2023-07-27) x86_64
GNU/Linux) so virtualbox need some 5.10.0-23 headers... you can find
5.10.0.20, 5.10.0.22, 5.10.0.25 in the repos from where the install
came from.
I had to surf the web and find a 5.10.0.23 in the web site of an
university and wget it to dpkg -i it.
No, you didn't. You could, and should, simply update the kernel with
the latest security fixes, and then install the matching headers from
the same repo.
I do not know (maybe i could not even understand) the security
reasons/problems of the headers versioning but it seems from my
end-user point of view that, the actual situation that lend me to
download from a website is the worst possible solution.
Running out-of-tree kernel code means that you can't use the security
card. Sorry.
Bjørn
Bjørn
thank you for your answer.
I remember that linus had the aim to be the less annoying for the user-expérience. I can understand _your_ point of view to have the "kernel-three-code" and the "security" card things. the fact is i didn't
choose neither testing, neither sid but stable. And in my experience
upgrading kernel is not always smooth. so I used to keep the same
kernel, until it is important to change, and i have time to do it. Not
when i have to run a wm to finish a job.
It is, from my point of view a "geek" stuff to "delete" the packages
from the repos. _you_ think I _must_ upgrade my kernel. OK. But if it
was so simple their would not have theses messages on the list. When i
tried to install the headers i had no message i should upgrade, just the packages were not existing (the same that if there was was a typo). So i
surfed the web to find it. How could i know that i _should_ upgrade to
benefit the right to get some headers ? If i installed them in the same
time as the kernel, i would have them already : which differences in
terms of security (installed in july - installed in september) ?
I just want to point, that i didn't initiate a thread to complain, i
just share my experience on an existing thread about headers and
security. i was not shamming security or else. i was just saying that
the politic to improve security pushed me to download from the web
instead of the repos. is the solution worse than the disease ? I use
linux on the desktop for almost 25 years, red hat, then fedora, then
debian and that never happened until last week. I was thinking that the difference between free software and proprietary one is the possibility
for free software user to upgrade when _they_ want and not when the
_supplier_ decide they should. and suppress headers is _forcing_ user to upgrade.
So to conclude, my experience is not a way to propose or impose a
solution but to point that there are sometimes between chair and screen
some "normal" persons that just want things to run. If the solution
proposed by virtualbox (install headers, naming them) could not
function, they will install something else. And, if i find alone the
solution by some little experience, lots of people won't. Of course you
are right about "Running out-of-tree kernel code" but that would not
help them.
Linux is not so easy, maybe it is not a good idea to had some
complications. if a kernel is so rapidly "out-of-tree" why let it in the "stable" distribution ?
my 2 cents.
hervé
ps : i really understand your point of view, i just want to say it is
not in the 10 commandments
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">e 03/10/2023 à 19:06, Bjørn Mork a
écrit :<br>
</div>
<blockquote type="cite" cite="mid:
87fs2riqka.fsf@miraculix.mork.no">
<pre class="moz-quote-pre" wrap="">herve <a class="moz-txt-link-rfc2396E" href="mailto:
herve@couvelard.com"><
herve@couvelard.com></a> writes:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">concerning the linux-headers. may i explain what happend to me.
I reinstalled a debian 11.6 some months ago. and last week i had to
make virtualbox functioning again. it had to "compile" some kernel
modules and need some "headers". my kernel (from the install is 5.10.0-23-amd64 #1 SMP Debian 5.10.179-3 (2023-07-27) x86_64
GNU/Linux) so virtualbox need some 5.10.0-23 headers... you can find
5.10.0.20, 5.10.0.22, 5.10.0.25 in the repos from where the install
came from.
I had to surf the web and find a 5.10.0.23 in the web site of an
university and wget it to dpkg -i it.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
No, you didn't. You could, and should, simply update the kernel with
the latest security fixes, and then install the matching headers from
the same repo.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">I do not know (maybe i could not even understand) the security
reasons/problems of the headers versioning but it seems from my
end-user point of view that, the actual situation that lend me to
download from a website is the worst possible solution.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Running out-of-tree kernel code means that you can't use the security
card. Sorry.
Bjørn
</pre>
</blockquote>
<br>
<pre class="moz-quote-pre" wrap="">Bjørn</pre>
<p>thank you for your answer.<br>
</p>
<p>I remember that linus had the aim to be the less annoying for the
user-expérience. I can understand _your_ point of view to have the
"kernel-three-code" and the "security" card things. the fact is i
didn't choose neither testing, neither sid but stable. And in my
experience upgrading kernel is not always smooth. so I used to
keep the same kernel, until it is important to change, and i have
time to do it. Not when i have to run a wm to finish a job.<br>
</p>
<p>It is, from my point of view a "geek" stuff to "delete" the
packages from the repos. _you_ think I _must_ upgrade my kernel.
OK. But if it was so simple their would not have theses messages
on the list. When i tried to install the headers i had no message
i should upgrade, just the packages were not existing (the same
that if there was was a typo). So i surfed the web to find it. How
could i know that i _should_ upgrade to benefit the right to get
some headers ? If i installed them in the same time as the kernel,
i would have them already : which differences in terms of security
(installed in july - installed in september) ?<br>
</p>
<p>I just want to point, that i didn't initiate a thread to
complain, i just share my experience on an existing thread about
headers and security. i was not shamming security or else. i was
just saying that the politic to improve security pushed me to
download from the web instead of the repos. is the solution worse
than the disease ? I use linux on the desktop for almost 25 years,
red hat, then fedora, then debian and that never happened until
last week. I was thinking that the difference between free
software and proprietary one is the possibility for free software
user to upgrade when _they_ want and not when the _supplier_
decide they should. and suppress headers is _forcing_ user to
upgrade.<br>
</p>
<p>So to conclude, my experience is not a way to propose or impose a
solution but to point that there are sometimes between chair and
screen some "normal" persons that just want things to run. If the
solution proposed by virtualbox (install headers, naming them)
could not function, they will install something else. And, if i
find alone the solution by some little experience, lots of people
won't. Of course you are right about "Running out-of-tree kernel
code" but that would not help them.</p>
<p>Linux is not so easy, maybe it is not a good idea to had some
complications. if a kernel is so rapidly "out-of-tree" why let it
in the "stable" distribution ?<br>
</p>
<p>my 2 cents.<br>
</p>
<p>hervé</p>
<p>ps : i really understand your point of view, i just want to say
it is not in the 10 commandments <br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="grammalecte_menu_main_button_shadow_host" style="width:
0px; height: 0px;"></div>
</body>
</html>
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)