LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Distributions page

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora's legacy changes

August 9, 2006

This article was contributed by Jake Edge.

With the release of Fedora Core (FC) 6 Test 2, the Fedora project has stopped supporting FC4 and passed the baton to the Fedora Legacy project. This is as expected, but another announcement may come as a bit of a surprise. Fedora Legacy has dropped support for FC1 and FC2 and will be dropping support for Red Hat (RH) 7.3 and RH9 at the end of the year.

The Fedora Legacy project was established to backport critical security fixes to FC releases that had reached end of life so that admins did not have to upgrade on the fairly short time scales (roughly one year) that Fedora would support those releases. When the project was established, it was also providing security updates for various RH releases. After 31 December, the last two RH releases will drop off the list and Fedora Legacy will just be supporting FC3 and FC4.

That change potentially leaves many systems without a way to get security patches and will require admins to either upgrade or backport fixes on their own. It would appear that this situation is actually nothing new; the Fedora Legacy project has been slow to patch security issues with all of the releases they have supported. For example, the most recent RH7.3 patches are from 6 June and there have been several recent security issues that are presumably unpatched.

It is not just the older releases that are impacted by this, FC3 has kernel version 2.6.12 in the legacy updates, but there have been quite a few 2.6 kernel releases, some of them for security problems, that are not available for FC3. The recent Apache web server vulnerability is another that remains unpatched for any of the legacy releases.

Where does this leave users of FC4? Given the track record, it is hard to believe that Fedora Legacy will be quickly patching security issues as they arise in that distribution. Upgrading to FC5 would seem the best option for admins who do not want to maintain patches for themselves. Of course, FC5 will be moving to Legacy support in roughly six months.

Fedora Legacy is a great idea, but appears to suffer from a lack of participation from the community. Without timely updates for critical bugs, the entire FC distribution series would seem to be at risk. Yearly upgrades of systems, particularly servers, is just not possible for many admins. This could easily turn into the Achilles' heel for Fedora Core.

(Log in to post comments)

Fedora's legacy changes

Posted Aug 10, 2006 2:00 UTC (Thu) by dskoll (subscriber, #1630) [Link]

This could easily turn into the Achilles' heel for Fedora Core

It already is the Achilles' heel, and is why I abandoned Red Hat/Fedora around FC1 for Debian. The FC hackers like doing all the fun stuff, but at least the Debian hackers have the discipline to do the grunt work for several years after a release.

Fedora's legacy changes

Posted Aug 10, 2006 2:03 UTC (Thu) by ewan (subscriber, #5533) [Link]

Why would anyone want a long term supported Fedora Core at all? There
are clearly people who want a fast turn around, frequently updated,
slightly rough bleeding edge system (like Fedora), and there are people
who want the rough edges filed off, fewer major updates, and long support
(like RHEL, or the rebuilds).

Fedora legacy seems like the worst of both worlds; outdated software with
rough edges.

Fedora's legacy changes

Posted Aug 10, 2006 6:55 UTC (Thu) by sveinrn (guest, #2827) [Link]

My impression is that the community members who prefer outdated software usually stick with Debian. So I think the problem is that there are too few old Fedora installations to support.

Fedora's model is to upgrade often

Posted Aug 10, 2006 13:57 UTC (Thu) by dwheeler (guest, #1216) [Link]

Fedora has been very candid that they expect people to upgrade often. I recommend waiting a month or two after a major release (so they can get any burrs out), but then upgrade. Security patches for FC3 and earlier are available, for free... but they're called FC5 :-).

It's a trade-off; the advantage is that you get the newer/better stuff, tested to work together. That's a good choice for many. If you don't want to upgrade often, RHEL or Debian might be a better choice of distribution. You need to pick a distribution that meets your needs.

Fedora's model is to upgrade often

Posted Aug 10, 2006 17:37 UTC (Thu) by astrophoenix (guest, #13528) [Link]

so say I was running FCX-1, and wanted to upgrade to FCX. (pick the best
possible number for X you can).

do I still have to basically do a re-install (like in the bad old days
when I was running redhat 8), or is yum or apt-rpm or whatever is in
vogue now capable of upgrading the system nicely (comparable to upgrading
a debian, ubuntu, or gentoo system, i.e., not a re-install). thanks.

Fedora's model is to upgrade often

Posted Aug 10, 2006 21:21 UTC (Thu) by knobunc (subscriber, #4678) [Link]

I upgraded from Redhat 9 to FC 5 in one day. Remotely via ssh. And the machine works well.

Make sure you follow the guides because there are some rough spots. Here are the guides I used: http://del.icio.us/knobunc/upgrade

-ben

Ubuntu 5 year rocks

Posted Aug 10, 2006 17:16 UTC (Thu) by ccyoung (guest, #16340) [Link]

all of my new servers on Ubuntu, moving old ones there as support wanes. their 5 year support is most generous.

When to use Fedora Core?

Posted Aug 10, 2006 20:46 UTC (Thu) by dowdle (subscriber, #659) [Link]

Pardon me while I give my opinion.

Fedore Core, while it contains server applications, it *NOT* a server OS... unless you are the type of person who wants to upgrade/reinstall at least once a year. I definitely don't.

I *DO* run FC on desktop machines because on desktop machines... I want more bleeding edge stuff. Even if there is an upgrade path between versions I prefer to do a clean install... leaving my /home intact. That really isn't that painful... at least not for me.

On servers, I run either RHEL or CentOS.

While I use Debian in a few places, I really don't care for it as a desktop OS... mainly because of the long time between major releases... although they are trying to change that.

When to use Fedora Core?

Posted Aug 10, 2006 21:44 UTC (Thu) by smoogen (subscriber, #97) [Link]

Amen brother. The problem is that too many people have un-realistic expectations of what an operating system should do versus can do.

When to use Fedora Core?

Posted Aug 11, 2006 23:31 UTC (Fri) by yohan555 (guest, #4253) [Link]

Best option, I agree. RHEL on the server and Fedora on the Desktop, a great combination.

When to use Fedora Core?

Posted Aug 15, 2006 16:23 UTC (Tue) by wcooley (guest, #1233) [Link]

Indeed; it's a matter aligning your needs with the goals of the distribution. RHEL and CentOS with my own and Dag/RPMforge add-ons, keeps me pretty well for servers and the latest Fedora for workstations or development/preview servers.

I should note, too, that people running Red Hat 7.3 and 9 should be able to migrate fairly painlessly to RHEL/CentOS versions 2 or 3, respectively.

Fedora's legacy changes

Posted Aug 11, 2006 11:06 UTC (Fri) by NRArnot (subscriber, #3033) [Link]

If you want a free-beer RedHat-alike system that's going to last as well as RHEL, then consider Scientific Linux as well as CentOS. Despite its name SL is a very good choice for non-scientists. CERN and Fermilab provide fairly heavyweight backing.

Fedora remains pretty good if you are willing to upgrade, which is usually fairly painless on a workstation. It's not what you want for a 24x7 server, though.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds