Article is relatively good, though they should expand on downstream distributions being the middleman, because most Linux users don't build their own kernel from source.
That's why I'm using Arch Linux. Always having the latest kernel (and latest apps and libraries) with the newest security patches is reassuring.
Yeah, rolling release distros are probably the latest and thus greatest when it comes to security. However, I never really felt threatened enough to use them, because major traditional "big" release distros do backport patches often and fast enough for me. Given that I use free versions of GNU/Linux distros like openSUSE, what I really miss is the live patch feature. Commercial releases do come with access to live patches, so you can patch the kernel without doing any reboot!
Canonical offers live kernel updates (Livepatch service) as one of the features of Ubuntu Pro, for Ubuntu and Ubuntu flavors. I use Ubuntu Pro for its Expanded Security Maintenance (ESM) feature. I disabled the Ubuntu Pro Livepatch client service, as I have no problem rebooting my two systems to deploy kernel updates. However, I understand how Livepatch is most welcome in other situations to minimize downtime and unplanned reboots.
Ok, however live patching wasn't developed by them. https://www.redhat.com/en/topics/linux/what-is-linux-kernel-live-patching