[ubuntu-hardened] LTS Enablement Stacks; newer kernel (with new security features) and system security.

[daniel curtis]

Hi

My question is rather theoretically. I would like to ask about something
like; The Ubuntu LTS Enablement Stacks, which "(...) provide newer kernel
and X support for existing Ubuntu LTS releases" etc. If, for example, I
would like to take advantage of this mechanism what are the benefits from a
security point of view?

I'm seeing it this way; newer kernel - more new security mechanism, but on
the other side; newer kernel - more, potentially, holes and so on. (It was
discussed, for example, in this thread: 1., 2.) Mr Tyler Hicks noticed,
that: "It would be wrong to think that a software project only becomes more
secure over time (...)"

Of course it's not the only one conclusion, but it definitely right.
Anyway; as I mentioned - my question is rather theoretical. But I would
like to ask if it makes any sense to install a newer Linux kernel via The
Ubuntu LTS Enablement Stacks in situation where user don't need newer
version of kernel and X for a better devices support etc.

I mean security considerations. What is yours opinions? It's worth to make
such an operation? I recall: everything works for the current kernel, but
the newer one, brings newest security features etc. But maybe I'm totally
wrong and I don't understand the whole  LTS Enablement Stacks mechanism?

Thanks, best regards.
_____________
1. https://lists.ubuntu.com/archives/ubuntu-hardened/2016-March/000843.html
2. https://lists.ubuntu.com/archives/ubuntu-hardened/2016-March/000847.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20170222/81364973/attachment.html>