Kernel 2.6 vs 2.4 (was Re: netfilter firewalling problems and solutions)

Archaic archaic at indy.rr.com
Mon Feb 23 09:51:58 PST 2004


On Mon, Feb 23, 2004 at 12:48:06PM -0500, Robert Connolly wrote:
> 
> On another note. I think kernel 2.6 could be considered more secure than 2.4.
> It's shown to have bugs fixed sooner than with 2.4. I'm not sure on the
> numbers for performance and load handling but from the little I've used it
> I'm guessing 2.6 would perform better than 2.4 (under attack conditions). The
> last few months have shown 2.4's maturity hasn't saved it from having serious 
> bugs.

There's a fallacy in your argument, though. Maturity doesn't mean bug
free. It means less likely to have bugs. The code for 2.6 is still
highly untested in comparison. If we are building a hardened system,
then it is still too early for such unknowns. The same can be said about
a new gcc and glibc, but alas, we need the features in those and must go
with it, plus they aren't actually new. There is a lot of the old code
still in them along with some bugfixes. i.e. a new patchlevel release of
glibc is more mature by nature than a new major kernel release.

> Kernel 2.6 is also at about the same maturity level as glibc-2.3.3, so
> they would be able to mature together.

That's not true.

> Opinions?

The book should stay away from 2.6 for now.

-- 
Archaic

"To undertake a project, as the word's derivation indicates, means to
cast the idea out ahead of oneself so that it gains autonomy and is
fulfilled not only by the efforts of its originator but, indeed,
independently of him as well"

- Czeslaw Milosz, Visions of San Francisco Bay.



