>> built for 6.7 only (since there are only 6.7 headers now). Bastian> Ah, here lays the missconception. No, the 6.6 ones are not Bastian> removed. Why should they be? The system knows it can't Bastian> rebuild them. Bastian> If the current implementation would remove them, it is a Bastian> problem there, not in the concept. I still think it would help if you would work more on articulating what problem you are trying to solve with the linux-headers versioning change. I have read multiple versions of this proposal, and your follow-ups, and I still do not understand what is prompting the linux-headers change. My intuition mirrors others in the conversation that it is problematic to support multiple kernel versions without also supporting multiple header versions.
concerning the linux-headers. may i explain what happend to me.
I reinstalled a debian 11.6 some months ago. and last week i had to make virtualbox functioning again. it had to "compile" some kernel modules and need some "headers". my kernel (from the install is 5.10.0-23-amd64 #1 SMP Debian 5.10.179-3 (2023-07-27) x86_64 GNU/Linux) so virtualbox need some 5.10.0-23 headers... you can find 5.10.0.20, 5.10.0.22, 5.10.0.25 in the repos from where the install came from.
I had to surf the web and find a 5.10.0.23 in the web site of an university and wget it to dpkg -i it.
I do not know (maybe i could not even understand) the security reasons/problems of the headers versioning but it seems from my end-user point of view that, the actual situation that lend me to download from a website is the worst possible solution.
hervé
Bjørn
thank you for your answer.
I remember that linus had the aim to be the less annoying for the
user-expérience. I can understand _your_ point of view to have the
"kernel-three-code" and the "security" card things. the fact is i
didn't choose neither testing, neither sid but stable. And in my
experience upgrading kernel is not always smooth. so I used to
keep the same kernel, until it is important to change, and i have
time to do it. Not when i have to run a wm to finish a job.
It is, from my point of view a "geek" stuff to "delete" the
packages from the repos. _you_ think I _must_ upgrade my kernel.
OK. But if it was so simple their would not have theses messages
on the list. When i tried to install the headers i had no message
i should upgrade, just the packages were not existing (the same
that if there was was a typo). So i surfed the web to find it. How
could i know that i _should_ upgrade to benefit the right to get
some headers ? If i installed them in the same time as the kernel,
i would have them already : which differences in terms of security
(installed in july - installed in september) ?
I just want to point, that i didn't initiate a thread to
complain, i just share my experience on an existing thread about
headers and security. i was not shamming security or else. i was
just saying that the politic to improve security pushed me to
download from the web instead of the repos. is the solution worse
than the disease ? I use linux on the desktop for almost 25 years,
red hat, then fedora, then debian and that never happened until
last week. I was thinking that the difference between free
software and proprietary one is the possibility for free software
user to upgrade when _they_ want and not when the _supplier_
decide they should. and suppress headers is _forcing_ user to
upgrade.
So to conclude, my experience is not a way to propose or impose a solution but to point that there are sometimes between chair and screen some "normal" persons that just want things to run. If the solution proposed by virtualbox (install headers, naming them) could not function, they will install something else. And, if i find alone the solution by some little experience, lots of people won't. Of course you are right about "Running out-of-tree kernel code" but that would not help them.
Linux is not so easy, maybe it is not a good idea to had some
complications. if a kernel is so rapidly "out-of-tree" why let it
in the "stable" distribution ?
my 2 cents.
hervé
ps : i really understand your point of view, i just want to say
it is not in the 10 commandments