
On 03/06/18 20:05, Clifford Ilkay via talk wrote:
> By the way, I don't understand why long up times are considered to be some sort of badge of honour. If you're doing regular updates even with very conservative distributions, like CentOS or Debian stable, you're going to have to reboot your server due to kernel updates at least every few months.

There are a few kernel hot fix tools out there to address this.

Canonical offer canonical-livepatch: https://www.ubuntu.com/server/livepatch

SuSE has kGraft: https://www.suse.com/products/live-patching/

RedHat develops kpatch: https://access.redhat.com/articles/2475321 - I'm not sure how they distribute patches.

Oracle bought ksplice: http://ksplice.oracle.com/

Shameless self-promotion - I think ours is the easiest to set up - snap install, livepatch enable and you're all set. That and you get 3 tokens free whereas all the other offerings seem to require paid subscriptions. You can get a $0 ksplice license for a single desktop system I think, but other than that, Oracle seem to only support their own Linux with it now.

None of these helped with Spectre/Meltdown but for any other patches that I've seen, patches just happen. These tools give more flexibility in terms of planning infrastructure reboots while keeping systems stable and secure. I highly recommend running one!

Cheers,
Jamon