A couple of days ago i downloaded the linux-source-2.6.26 package from the repository, and afterwards spent two days going through every single configuration option to the kernel so i could disable every function or driver that was not needed by my server. I compiled the kernel with make-kpkg so the the result was a deb package that i transfered to my server and installed. Everything is running smoothly and working perfectly. I have not reduced the memory footprint very much because i did choose to compile som elements directly into the kernel to avoid a RAM disk, so the footprint is 8 MB now and it was 9 MB before with a standard minimal Debian Lenney installation, but this is fine.

In a standard Debian Lenny installation with a standard kernel, "aptitude update" will notify about security updates to the kernel so it kan be updated with aptitude safe-upgrade. I have used the --append-to-version option so aptitude should not try to upgrade my kernel as far as i know.

How do i handle and get notified about security updates when running my own custom kernel? I have read the "Debian Linux Kernel Handbook" but i did not find anything clear on this subject, so maybe someone with first hand expirence could give a hint?

maybe this mail list will help you http://lists.debian.org/debian-security-announce/

If you have the linux-source package installed it will be upgraded with the security fixes. So, if a new linux-source package gets install in your daily "aptitude update && aptitude upgrade", you can simply rebuild your binary kernel package (make sure to reuse your painstakingly customized config).

Evo2.

Great, when i am reading what you are writing it now seem obvious that the source would be updated like any other package in the repository. I keep the source in an virtual instance of Debian Lenny this way the compile time is reduced many times because the server is a Pentium III (Coppermine).

While i was configuring the kernel i compiled it many times to check the changes i was making. At one time after spending the whole first day configuring i dediced to try "make mrproper" before reading the man pages, when it was done i realized that my .config was replaced with a standard one, NOOOOOOO . Luckily at a earlier configuration stage i marked the option "Kernel .config support" and "Enable access to .config through /proc/config.gz because it sounded like a good idea.

Also, after installing the linux-image deb you created it will be in /boot/config-2.x.y-foo

Cheers,

Evo2.