[ubuntu-hardened] LTS Enablement Stacks; newer kernel (with new security features) and system security.

Casey Schaufler casey at schaufler-ca.com
Wed Feb 22 21:37:25 UTC 2017


On 2/22/2017 1:23 PM, daniel curtis wrote:
>
> Hi
>
> My question is rather theoretical. I would like to ask about something like the Ubuntu LTS Enablement Stacks, which "(...) provide newer kernel and X support for existing Ubuntu LTS releases" etc. If, for example, I would like to take advantage of this mechanism, what are the benefits from a security point of view?
>
> I see it this way: newer kernel - more new security mechanisms, but on the other side: newer kernel - more, potentially, holes and so on. (It was discussed, for example, in this thread: 1., 2.) Mr Tyler Hicks noticed that: "It would be wrong to think that a software project only becomes more secure over time (...)"

Updates include backports of security fixes.


>
> Of course it's not the only conclusion, but it's definitely right. Anyway, as I mentioned, my question is rather theoretical. But I would like to ask if it makes any sense to install a newer Linux kernel via the Ubuntu LTS Enablement Stacks in a situation where the user doesn't need a newer version of the kernel and X for better device support etc.
>
> I mean security considerations. What are your opinions? Is it worth performing such an operation? I recall: everything works with the current kernel, but the newer one brings the newest security features etc. But maybe I'm totally wrong and I don't understand the whole LTS Enablement Stacks mechanism?
>
> Thanks, best regards.
> _____________
> 1. https://lists.ubuntu.com/archives/ubuntu-hardened/2016-March/000843.html
> 2. https://lists.ubuntu.com/archives/ubuntu-hardened/2016-March/000847.html
>
>
