Fedora Legacy has major problems

Posted Jan 26, 2006 4:19 UTC (Thu) by JoeBuck (subscriber, #2330)
Parent article: Slowing down Fedora Core

I've run Fedora distros a long time. Fedora Legacy was a nice idea, but it just hasn't worked; the rate of security patches coming out of Legacy has been far short of what is required.

Truth in advertising requires the admission that distributions that have transitioned to Legacy no longer have effective security support, especially when it comes to kernel bugs.

If you want to argue otherwise: until recently, FC2 was the newest distro supported by Legacy. They did a kernel update on March 28, and none since then. This means that all kernel bugs found in the last 10 months are still present in FC2 as maintained by Legacy.

Legacy has done a better job with security bugs in applications; in many cases they can just build a new release against older libraries, and ship.

Perhaps a compromise is possible: the Fedora Core team could continue providing kernel security updates for a period long enough to allow Fedora users to confidently skip every other update (e.g. go from FC4 to 6 to 8, etc), while asking Legacy to only support userspace.



Kernels present special difficulties.

Posted Jan 26, 2006 14:33 UTC (Thu) by brugolsky (✭ supporter ✭, #28)

I agree that there are problems with Legacy, and that kernel updates are the most troublesome issue. The biggest difficulty with your proposal is, as I'm sure Dave Jones will confirm, that changes in the kernel (and latent bugs in some userspace components) keep breaking user-space components such as udev, libselinux, alsa, etc., so it is not easy or sufficient to, say, upgrade everyone to 2.6.15.1. One can't just drop the kernel SRPM for the currently supported release into the build system for the various older releases without ifdefs sprinkled throughout the kernel spec file and/or other package updates. Since the kernel and the userspace components have separate maintainers, coordinating an update is a bit of a problem.

The alternative is to attempt to cherrypick and backport fixes. That can be a lot of work -- work that detracts from improving the current, supported releases.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds