

This was also my experience. I know the disclosure was handled poorly, but I’m pleased to see that my distribution (Fedora) reacted expediently to news of the security issue.
This is a secondary account that sees the most usage. My first account is listed below. The main will have a list of all the accounts that I use.
Garbage: Purple quickly jumps candle over whispering galaxy banana chair flute rocks.


This was also my experience. I know the disclosure was handled poorly, but I’m pleased to see that my distribution (Fedora) reacted expediently to news of the security issue.


Woah, I didn’t know they were working on those features. Thanks for sharing!


Normal user? Extremely rarely would you need to build the kernel. Distributions design their options to fit most use cases, and you’ve observed the extensibility through modules. The kernel itself has moved towards runtime configurable options for your convenience over time, such as with
PREEMPT_DYNAMIC
Where in the past changing the preemption model would require a recompile. Ultimately, this is a good thing; it makes your life easier and you can get better support for a common kernel if you need to debug.
It does happen though if you need special hardware or if you’re picky about specific kernel features. For example, I’ve used kernels that don’t have built-in support for memory compression. Need is a subjective term, and I felt that was a configuration option that I needed because a memory upgrade was not an option. I would argue there was a point to that effort. Considering that you phrase your question as asking about normal users, then no, I would say that’s rarely beneficial, might actually be disadvantageous because you won’t receive as much help debugging problems from your distribution, and generally you can achieve your goals by tuning runtime kernel parameters anyway.
Defense in depth, indeed. There’s layers to trust, and I prefer that my containers stayed contained just in case.