The linux-stable security tree project

Some possible context: the maintainer works for Oracle's Ksplice team, and the stated purpose of the tree fits perfectly with the set of patches you'd expect Ksplice to apply to a stable kernel, but not the ones you wouldn't.

What I would find more useful is a way to do something like:<p><pre><code> $ apt-get upgrade --security-only </code></pre> on a normal ubuntu distribution. The key thing for me is to have as little change as possible from the time the machine is initially provisioned.

I&#x27;d guess this is a result of two things:<p>&gt; customer pushback over seeing churn in changelogs for their &quot;stable&quot; systems<p>&gt; RH making it difficult to cherry-pick kernel patches out of their tree by only including their changeset on the vanilla kernel version as a monolithic patch<p>They can&#x27;t feasibly lie to their customers by eliding the changelogs, they presumably have failed to change attitudes about fixes to other parts of the codebase being rolled in, and so here we are, though having it be public is an interesting choice for Oracle.<p>I wonder if it&#x27;s also a PR move to get other people to leverage their &quot;security&quot; tree.

<i>&gt; This project provides an easy way to receive only important security commits</i><p>I wonder if this is actually possible, given that a refactoring or code cleanup could also remove lots of security issues (which in part aren&#x27;t even known today).<p>This point is quite well articulated by the OpenBSD security folks, for example:<p><a href="http:&#x2F;&#x2F;www.tedunangst.com&#x2F;flak&#x2F;post&#x2F;long-term-support-considered-harmful" rel="nofollow">http:&#x2F;&#x2F;www.tedunangst.com&#x2F;flak&#x2F;post&#x2F;long-term-support-consid...</a>

Is Torvalds going to support this? Given some of his comments on security in the past, I don&#x27;t think he&#x27;ll consider it a good idea...