Keeping your kernel secure

This page explains kernel security in Gentoo.

Recommendation
If you're using, then it's recommended to use the latest stable kernel on your desktop PC.

Server users need to understand the kernel's status well, but as of September 2011 you can stick to the latest release in the 2.6.32-rX series.

Gentoo-sources and security updates
First, remember that Gentoo Linux Security Advisories (GLSAs) do not warn about kernel security issues.

Security fixes appear in two ways: in newer upstream versions, and in newer -rX revisions. Not all fixes are applied to an older series such as 2.6.x when a 2.6.y with y > x already exists, which is why upgrading is recommended. The long-term stable 2.6.32 series is, of course, an exception.

If an urgent security fix appears and 2.6.x-rY is the latest unstable revision, then rY+1, which is rY plus that security fix, gets stabilized.
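Because GLSAs stay silent on kernels, the check has to be done by hand. The following is an added example, not code from Gentoo or from this page: it classifies a running kernel against a list of stable gentoo-sources versions using the rules above. The function names, the status strings and the sample version list are assumptions constructed for illustration.

```python
import re

# Long-term stable series named on this page; it still receives fixes.
LONG_TERM_SERIES = {(2, 6, 32)}

# Accepts package style "2.6.32-r7" and `uname -r` style "2.6.32-gentoo-r7".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-gentoo)?(?:-r(\d+))?$")


def parse(version):
    """Return ((major, minor, patch), revision); a missing -rX means r0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not a gentoo-sources version: {version!r}")
    series = tuple(int(x) for x in m.group(1, 2, 3))
    return series, int(m.group(4) or 0)


def kernel_status(running, stable_versions):
    """Classify the running kernel against the stable versions on offer."""
    series, rev = parse(running)
    stable = [parse(v) for v in stable_versions]
    newest_series = max(s for s, _ in stable)
    same_series_revs = [r for s, r in stable if s == series]
    # A newer -rX in the same series carries fixes the running kernel lacks.
    if same_series_revs and rev < max(same_series_revs):
        return "behind-revision"
    # Older series do not get every fix, unless they are long-term stable.
    if series < newest_series and series not in LONG_TERM_SERIES:
        return "old-series"
    return "current"


if __name__ == "__main__":
    # Constructed sample data, not a real snapshot of the Portage tree.
    stable = ["2.6.32-r24", "2.6.39-r3"]
    for running in ("2.6.32-gentoo-r24", "2.6.32-gentoo-r7",
                    "2.6.36-gentoo-r5", "2.6.39-gentoo"):
        print(running, "->", kernel_status(running, stable))
```

On a real system the first argument would come from `uname -r` and the list from the stable gentoo-sources versions in your Portage tree.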

Don't forget to check the Genpatches homepage.

Desktop and security
In general, desktops are not much cause for worry, as explained by krinn in this Gentoo forum thread.