LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-08-2011, 08:43 PM   #1
holister
LQ Newbie
 
Registered: Oct 2010
Posts: 22

Rep: Reputation: 0
Kernel security and maintenance advice needed. Recompile existing or build latest?


A solution for my laptop (ACPI issues) requires compiling a kernel. I've built a kernel before but it was from a "how-to". I'm in need of advice re: maintaining a custom kernel from a security point.

My current system (Debian) comes with 3.1.0 kernel. Latest vanilla kernel is 3.1.4. I read that distros tweak kernels for their needs and it would seem logical to stay with Debian's kernel.

From a security and ease-of-maintenance standpoint, is it better to stay with my distro kernel and just recompile every time I do an upgrade? Or should I compile the latest kernel and keep applying patches as those become available?

Thank you for your help and advice.
 
Old 12-09-2011, 01:04 PM   #2
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 244
Linux kernel 3.1 is pretty recent, it isn't in stable branch at kernel.org
 
Old 12-09-2011, 08:16 PM   #3
holister
LQ Newbie
 
Registered: Oct 2010
Posts: 22

Original Poster
Rep: Reputation: 0
3.1 is good now. My question is about maintaining it in the future as security fixes come around. I'll still need to recompile (for my ACPI issue). So, is it more advisable to re-compile my distro's kernel (Debian is always a few versions behind) or, as long as I'm compiling, get the latest kernel.org kernel and keep applying patches. Wouldn't kernel.org be a step ahead on security matters than Debian? Or not necessarily?
 
Old 12-09-2011, 08:52 PM   #4
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,897

Rep: Reputation: 5019
I follow upstream kernel.org stable kernels on my Slackware system, but Slackware doesn't have the same sort of dedicated kernel/security team setup that Debian has, so I'm not losing anything by going it alone. What I normally do is stick to updates within the latest stable series until Greg K-H makes his usual "This is the last in this series, time to move on" announcement.

I think it's going to be a case of Swings and roundabouts: You'll gain anything new from kernel.org, but lose anything that the Debian guys bring to the table. For Slackware it's a no-brainer as it's no Swings and all Roundabouts. The situation with Debian isn't so clear cut.


P.S. 3.1.5 just arrived.
 
Old 12-10-2011, 07:23 AM   #5
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 244
Quote:
Originally Posted by GazL
P.S. 3.1.5 just arrived.

Indeed, and marked as stable in http://www.kernel.org/

I was fooled by my newkernel bash alias
Code:
alias newkernel='curl http://www.kernel.org/kdist/finger_banner'
 
Old 12-10-2011, 09:22 AM   #6
holister
LQ Newbie
 
Registered: Oct 2010
Posts: 22

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by GazL
...dedicated kernel/security team setup that Debian has.
...You'll gain anything new from kernel.org, but lose anything that the debian guys bring to the table.

Since my focus is heavily on security & stability rather than performance & hardware... Two questions:

1. Would I be correct in assuming that, as long as all my hardware needs are met by my distro's kernel, I would "gain more" by staying with Debian's security team vs upstream?

2. What is the correct/recommended re-compile procedure (since I'm not a building-from-source expert): When I do an upgrade and get a new kernel, is it more advisable to go line-by-line, input my needed changes and re-compile? Or can I use the option "import/use current settings" and simply apply those to the new kernel (I'm worried that, even though importing 'current settings' is easier, it might override something that Debian team did, which resulted in getting a new kernel in the first place).

I hope that made sense
 
Old 12-10-2011, 10:33 AM   #7
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,897

Rep: Reputation: 5019
1) I would think so, but I'm not a Debian user and really not the best person to ask. As a generalisation, sticking with the distro maintained kernel where possible seems like a good choice, especially so if you are unsure of how to proceed.

2) If you're just updating by just a version or two then it's probably best to run an existing kernel config file through "make oldconfig". If you're going up several versions all at once then you may be better off starting from scratch, or seeing if you can beg/borrow/steal a config file from someone who has already done the hard work - Configuring a kernel from scratch is a bit of a daunting task and will eat a good deal of your time to do properly.

Perhaps this will help answer some of your questions regarding process: http://kernel-handbook.alioth.debian.org/index.html

I'm really not the right person to ask about things Debian.

Last edited by GazL; 12-10-2011 at 10:35 AM.
 
Old 12-12-2011, 11:13 PM   #8
holister
LQ Newbie
 
Registered: Oct 2010
Posts: 22

Original Poster
Rep: Reputation: 0
Yes, that link does help a lot. At least I have more of a direction now and a lot more answers. Thank you for all the help.
 
  

