[tor-relays] Linux kernel vulnerability
Duncan Guthrie
dguthrie at posteo.net
Mon Oct 24 03:06:59 UTC 2016
Hi folks,
I think this is a very extreme and unnecessary solution. While it is good to keep relays up, this may be unreliable. It is good to perform maintenance regularly, and reboots are often best.
Also, it appears to be proprietary technology. I would not advise proprietary technology on a Tor relay as it opens up a whole other can of worms, who controls the software etc.
Can people really not afford to reboot once a month or similar? Uptime is good but the only reliable way to apply kernel updates has always been reboots. Restarting also can apply updates to certain system services as well, if I am correct.
-- D
On 23 October 2016 09:42:38 BST, Jonathan Baker-Bates <jonathan at bakerbates.com> wrote:
>I know some people using this for applying kernel updates without
>rebooting, but don't know how good it is:
>
>https://www.cloudlinux.com/all-products/product-overview/kernelcare
>
>
>
>On 23 October 2016 at 09:16, nusenu <nusenu at openmailbox.org> wrote:
>
>> > Second, you will reduce the uptime and stability of
>> > your relay, thus it will lose consensus weight if you reboot the
>machine
>> > once a day.
>>
>>
>> Unattended-Upgrade::Automatic-Reboot "true";
>>
>> Does not reboot your machine "once a day", it reboots when a new
>kernel
>> requires a reboot. Which on Debian stable / Ubuntu LTS is far from
>being
>> a daily event.
>> And the frequency of reboots actually should not differ compared to
>> manual reboots.
>>
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161024/0c880cee/attachment.html>
More information about the tor-relays
mailing list