Because the kernel code executes at the highest privilege level and a kernel bug usually crashes the whole system, many SREs, production engineers and system administrators try to avoid upgrading the kernel too often for the sake of stability. There is a tendency to create more obstacles to Linux kernel releases (requiring more approvals etc). But introducing all these obstacles and not treating kernel updates like any other software usually significantly increases the risk for the company and their service of being exploited.

One of the reasons SREs and engineers are too afraid of ANY kernel upgrade is that they don’t actually know the details about Linux kernel release process and policy. This talk tries to demystify Linux Kernel releases and provides a guide on how to distinguish a kernel bugfix release from a feature release. We also describe how kernel releases are implemented in our company and propose possible approaches to deploy kernel upgrades regularly with minimal risk.