[nSLUG] Better allocation of developer resources for linux

George N. White III gnwiii at gmail.com
Thu Aug 5 09:39:57 ADT 2021


https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html
Posted by Kees Cook, Software Engineer, Google Open Source Security Team

The post points out that considerable developer resources are being used to
backport fixes to older kernels.  Meanwhile, there is a growing backlog of
issues needing fixes.  He wants users to move to current kernels so
resources can be moved to reducing the backlog.

I think Kees misses the fact that many "mission critical" closed source
applications are not that well written and often rely on trial and error
rather than detailed study of kernel interfaces, so are apt to break when
used with newer kernels.

Many such applications will only install on certain Linux distros, so
forcing users to run older kernels.  Such applications are often tied to
expensive hardware (industrial automation, lab instruments, satellite
receiving systems, etc.) that users need to maintain over long periods.
Companies selling such closed source applications often have minimal
in-house development, relying on 3rd party modules and contractors, so are
effectively getting a free ride from the distros doing backports.

The landscape may be changing with US Gov't efforts to improve security
making it harder for US Gov. agencies and contractors to continue running
on older kernels.

-- 
George N. White III


