On Mon, Jan 02, 2012 at 01:38:00PM +0100, Christian Hofstaedtler wrote:
I thought this was about having an arch-specific Grml ISO in /boot for rescue purposes.
Indeed. That does not mean that the rescue system is allowed to have ancient security bugs, since it is likely to be exposed to the internet without filters if it is eventually started and needed.
Where about the only things that matter are kernel and ssh. Both have been unpatched for the time since the last release anyway, which was up to 6+ months, depending on the release, and how often you update your ISOs.
An ISO update could be done if a security relevant issue becomes public if a later ISO is available.
For grml-small, this is not the case any more, leaving a system using grml-small 2010.05 in 2014 open to all vulnerabilities that have become public in the mean time.
Installing linux-image-3.1.0-1-amd64-dbg did not change the size of /boot for me.
Interesting. When I install a kernel with debug info, vmlinuz size grows from like 2 MB to over a hundred.
Don't get me wrong: You took a valid decision which the community needs to accept. The community is not required to like your decision. I am one of the people not liking the decision, but I'm going to (have to) accept it anyway. That's ok, and given the lack of alternatives, I'm most probably going to stay with grml anyway. I am only going to do a lot of cursing in the next months whenever the new iso size bites me (which it will). But I'm going to get used to it.
Greetings Marc