The Linux kernel community is discussing removing old drivers from the last century

The Linux Kernel community is currently discussing a new important proposal. This proposal aims to remove various historical legacy network drivers from the mainline source code. If the proposal is passed, it may cause a large number of old devices using Linux systems to be unable to connect to the Internet normally (under the condition of ensuring security).

The reason for deleting these old drivers is because the artificial intelligence model discovers vulnerabilities too quickly and the number of vulnerabilities discovered is too large. This will cause developers in the kernel community to spend a lot of time checking, confirming and fixing vulnerabilities. The development of important functions and new functions will inevitably be affected, so directly deleting these drivers may be the best choice.

It’s not that the vulnerabilities are not real:

It is worth noting that many of the vulnerabilities discovered by AI are indeed false positives, but many of these vulnerabilities are indeed real. However, many of the vulnerabilities discovered by AI are minor problems. The humans actually controlled by them may not care about the vulnerability rating and will report it through AI regardless of whether it is important or not. This has led to the Linux Kernel community receiving a large number of vulnerability reports.

Community members say that most vulnerability reports are of low quality or even unfounded (these reports involve systems that no one uses), which means that these vulnerabilities may actually exist, but because the users of these drivers may not have them at all, should they fix the vulnerabilities or ignore them?

It is obviously unreliable to simply ignore all vulnerability reports. In the past, community members spent very little time maintaining old ISA or PCMCIA era hardware, but now they need to spend a lot of time to maintain it, so this involves time cost issues.

It is better to delete these old drivers directly:

Therefore, the suggestion of community developers is to delete the old network drivers directly from the Linux Kernel kernel mainline source code. This can delete about 27646 lines of code from the kernel source code tree. While streamlining the kernel code, it also directly kills the vulnerabilities caused by those old drivers in the cradle.

Moreover, the kernel will not directly delete all old drivers. Instead, it will gradually release patches to delete old drivers according to the situation. Therefore, if there are indeed companies that are still using these ancient devices and are willing to undertake maintenance work, they can also restore support for these drivers.

To put it simply, the core of this proposal is to retain it on demand. Unless a company is willing to fund maintenance, the kernel will remove support. This can not only ensure that old devices can continue to work, but also prevent these old drivers from affecting users of modern devices due to vulnerabilities.