Long-term support for Linux kernels is about to get a lot shorter

[peebee]

https://www.theregister.com/2023/09/26/ ... port_2023/

They have come to the conclusion that there's really no point in maintaining them that long, because people are not using them. So the six-year update policy is going away. When 4.14 goes out of support… early next year… there will not be another six-year kernel to replace it. We're likely to go back to a long-term stable kernel maintained for about two years. After that, people will simply be expected to update to a newer kernel.

The new regime
When 4.19 reaches its end of life, so will 5.4, leaving the end-of-2020 kernel 5.10 the oldest longterm release. This change was discussed at the time, but now it looks like what is essentially the worst-case outcome has been chosen.

https://www.kernel.org/category/releases.html

[dimkr]

This is yet another reason to use the Debian kernel as the base for Puppy kernels. The Debian team will have to maintain the kernel in-house through the long shelf life of each Debian release, and it's a waste to duplicate this effort or ask users of old hardware (!) to update often instead of using this resource.

[8Geee]

Right, k. 6.1.55 is latest LTS supported until 2031.

8Geee

[bigpup]

Maybe something I just do not understand.

Who cares.

I have Puppy versions I use that the kernel has never been updated and probably never will.
They work OK and run my computer as they should.
Why do I care when they stop supporting that specific kernel?

What is a newer kernel going to give you, other than support for much newer hardware, that I do not have.

A newer updated kernel may provide new features or updated drivers, but your hardware is going to have to be able to use the updated features.

All I really see a newer kernel version providing is support for new or very new hardware.
Plus depending on the age of the hardware, dropping support for the very old hardware.

This kind of follows the same idea about updating the computers bios.
Sure, you could probably find several updates to the bios in your computer.
BUT IF IT IS NOT BROKEN DO NOT DO IT!
Only time you ever need to update the bios, is when something is not working correctly, and the bios update is suppose to fix it.

[dimkr]

"Supported" means "receives additional bugfix releases with fixes for security issues" and nothing more (no, there's no warranty). If you're not updating from 6.1.x to 6.1.y (where y > x) because you're not updating your Puppy at all or because you jump from 6.1.x to a later branch (say, 6.5.y), the shorter support window doesn't affect you.

The problem I see is that newer kernels need more and more resources and lose support for old hardware. The longterm kernels give a computer a 6 year time window where things that worked will keep working but without having to stick to a kernel version full of known vulnerabilities and bugs.

[bigpup]

Basically they do not want to work on a Linux kernel for 6 years and fix all the bugs in it!

It could also have something to do with how fast computer hardware is constantly changing.

The kernel is no good if it does not support the hardware.

Puppy users use it on old hardware, so support for newest hardware is not that much of an issue.

The big main stream Linux OS's are all about working on the latest hardware.

I hope they are not going to stop keeping older versions of the kernel, someplace where you can go and still download one.

[dimkr]

The kernel is no good if it does not support the hardware.

True, but that doesn't imply that you must stick to the exact kernel version if you found one that works on your particular hardware. If 5.15.0 worked on your hardware, you can safely update to 5.15.133 to get 133 (!) sets of fixes without losing hardware support or gaining new features, while resource usage and hardware support might change if you update to 6.5.x instead. With the 6 years window, longterm kernels give you 6 years where you can get a kernel that not only works, but also includes the latest stability and security fixes. (With the shorter 2 years window, you're forced to jump to a newer kernel branch every 2 years instead of 6).

IMO old hardware is not very useful if you have a kernel that works but the entire OS, all the day down to the kernel, is outdated and full of security issues that make it too risky to do anything that involves sensitive information, like typing your credit card information.

[bigpup]

If the Linux kernel is constantly needing to have updates for security and bug fixes.

Puppy Linux is going to need to have some way to make this happen, that is going to be some kind of auto update program.
Find out if the kernel has a updated version.
Download it and change to using this newer version of the kernel.

Puppy has the manual way to change the kernel, but everything has to be done by choices made by the Puppy version user.

Change kernel program should be in all Puppy versions.
viewtopic.php?t=317

Why does Puppy Linux need it's own Linux kernel repository?
It does have one in the Additional Software section of this forum.
Who is going to keep this repository updated?

[rockedge]

If the Linux kernel is constantly needing to have updates for security and bug fixes.

It might be true but is it necessary for most Puppy Linux users to constantly chase kernels? I don't think so. I have a plenty secure (enough) system that runs Tahr-6.0.5 with a kernel 4.19.82-rt30. Works particularly well on the 14 year old machine it's on so do I mess with it? No way.

I don't run any browser or email client on this machine at all. So you'll have to crack closed ports and disconnected Ethernet cables and overcome the fact no software is being installed by me. I don't even update the PPM so one older kernel seems to suffice.

[mikeslr]

Of computing platforms, personal computers now have less than 50% of the market. https://gs.statcounter.com/platform-mar ... ile-tablet. My guess is that statistic reflects that lower cost of owning, and the greater ease of carrying, an android device where the primary intent is interpersonal communication.

Only about 3.01% of personal computers run Linux, https://gs.statcounter.com/os-market-sh ... worldwide/ and there are hundreds, if not thousands, of Linux operating systems a user can choose. Puppy Linux users make up a small share of them, https://distrowatch.com/, a niche within a niche. The 'Lion's Share' of personal computers is still Windows which system has a 30 year lead on software specialized for business.

Linux in general, but Puppy Linux in particular, is not a 'target rich' objective attracting the attention of 'Web-pirates'. Puppy Operating systems are downloaded as compressed packages from reasonably secure websites, as are pets, debs and other packages various Puppys may use. Adulteration of these would require some type of 'man-in-the-middle' attack.

That leaves only the post deployment use of a Puppy in accessing the web as a vector for contaminating a User's operating system. Most Linux operating systems function as 'a unified system' constantly writing to 'Storage' preserving changes. Puppys operating under PupMode12 do that. But Puppys don't have to operate under PupMode 12. Puppys can be run under PupMode 5 (without a Storage Medium to write to) or PupMode 13, where only user selected changes are preserved. Under PupModes 5 and 13, if the User does not preserve changes, whatever changes may exist in RAM are wiped. Long ago I advocated that when running PupMode13, any desired additional software requiring installation be downloaded, stored, but not installed until after a reboot; and then immediately installed and a Save executed before again accessing the Web.

As far as I know --and correct me if I'm wrong-- malware designed to search for and then transmit sensitive information, or modify an operating system are sufficiently complex that their size requires they be downloaded as components, then assembled by running one of those components. A properly hardened web-browser will deter the downloading of components. And the absence of any component which was wiped from memory on shutdown/reboot will prevent the accumulation of components needed to be assembled.

Without regard to how many flaws there are in its 'old' kernel, the threat malware poses to a Puppy exits in the realm of possibilities, not probabilities.

[ozsouth]

Still suffering brain-fog from getting covid a couple of weeks ago, so please forgive any muddled expression.

Another issue with changing kernels - if you installed any kernel-specific drivers, you need to remove them before kernel update. After update, install new kernel's drivers. Fossapup64_9.5's puppy .sfs contains rtl8821ce driver for original kernel 5.4.53. If you installed the original pup (& have a save file/folder), then update the kernel, old driver is redundant, but /lib/modules/5.4.53 still exists due to that driver & loading will be attempted - must delete that folder, run depmod, then delete /etc/init.d/depmoda (driver launcher), then save. I already removed it from my Fossa64-mid & less, before release.

On the subject of 2 year LTS, my style of kernels are not really suited to a faster pace of change. I intend to continue to make a few, until they become ineffective. Some of my limitations (gcc), are already approaching that point.
As down-the-line debian kernels will keep up, I expect that to be the future, perhaps tweaked.

To me, puppy's main point-of-difference is being able to revive old machines. If that largely stops, folk could just as easily use other options.
Old kernels, kept at archive.org (see links under 'kernel archive' post in forum Kernels section), are for those with old machines to try OR to match a specific driver that was compiled for an available kernel. As many kernels there do not have sources (mine usually do), drivers can't necessarily be compiled to suit. Modern puppies are increasingly including driver compiling options.

Old puppies have a similar use-case to old kernels.
That's why I made Fossa64-mid - hopefully useful on old machines, but with updated security (for now).

[dimkr]

Puppy Linux users make up a small share of them, https://distrowatch.com/, a niche within a niche.

Maybe, but Puppy is not different from other distros that use glibc, openssl, etc'. It's built from the same components: sometimes, exactly the binaries used by some other distro. The fragmentation of the Linux distros landscape and Puppy's low popularity doesn't make Puppy more secure.

Your Puppy is likely to be vulnerable to these two, just like any other distro:

https://cve.mitre.org/cgi-bin/cvename.c ... -2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-4911

Using an outdated kernel is only one part of the problem of lack of security updates, and PUPMODE 5 is not strong security guarantee if an attacker can replace one of your SFSs (adrv is small, it's fast to decompress, add malware and re-compress).