Re: [tor-relays] Linux kernel vulnerability

[Duncan Guthrie <dguthrie@xxxxxxxxxx>]

Hi folks,

I think this is a very extreme and unnecessary solution. While it is good to keep relays up, this may be unreliable. It is good to perform maintenance regularly, and reboots are often best.
Also, it appears to be proprietary technology. I would not advise proprietary technology on a Tor relay as it opens up a whole other can of worms, who controls the software etc.
Can people really not afford to reboot once a month or similar? Uptime is good but the only reliable way to apply kernel updates has always been reboots. Restarting also can apply updates to certain system services as well, if I am correct.

-- D

On 23 October 2016 09:42:38 BST, Jonathan Baker-Bates <jonathan@xxxxxxxxxxxxxx> wrote:

I know some people using this for applying kernel updates without rebooting, but don't know how good it is:

https://www.cloudlinux.com/all-products/product-overview/kernelcare

On 23 October 2016 at 09:16, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:

> Second, you will reduce the uptime and stability of
> your relay, thus it will lose consensus weight if you reboot the machine
> once a day.


Unattended-Upgrade::Automatic-Reboot "true";

Does not reboot your machine "once a day", it reboots when a new kernel
requires a reboot. Which on Debian stable / Ubuntu LTS is far from being
a daily event.
And the frequency of reboots actually should not differ compared to
manual reboots.


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays