My main concern is to get a fresh kernel whenever some security problem are fixed.
If you're running Debian stable (currently lenny), you'll rarely get an update; w/ Debian testing (currently squeeze) you'll get a few more but still pretty uncommon. This is a good thing: security issues in stable kernels are fortunately rare.
For example, here's the recent history for the kernel package:
feed://packages.qa.debian.org/l/linux-2.6/news.rss20.xml
So, stick with Debian's updates and rest easy. I don't believe you need the ~tbm/orion repository; the standard Debian sources should be fine.
http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html#s-sources.listOr, if you want to bleed a bit more, do-it-yourself and manage your kernel manually, e.g. via sheeva.with-linux.com/sheeva/; in this case you'll need to follow kernel mailing lists to see when you need to update (and trust cbxbiker61 who graciously provides the SwL kernels :-).
Assuming there is such a thing as regular kernel updates, how exactly tells uBoot the kernel has changed ?
If you install the kernel to flash, u-boot doesn't need to know about updates (it'll keep on truckin', loading the new kernel from the old/same location).
If you boot the kernel from external storage, managed by Debian, Debian will update the symlinks in / to point to the new kernel images. i.e. uboot will find the new kernel via the symlink.
Either way, normally you don't need to touch u-boot when updating the kernel.
uImage/uInitrd: uboot requires it's images to be in a specific format (
http://www.denx.de/wiki/DULG/UBootImages); basically a wrapper around the file. uImage is a uboot wrapped kernel image, similarly uInitrd is a uboot wrapped initial-ramdisk image (
http://en.wikipedia.org/wiki/Initrd, required by highly-modular kernels, e.g. Debian; sheeva.with-linux kernels don't need one).
Good luck,
Ben
