Weekly Edition
Return to the Distributions page
| |||||||||||||
|
| |||||||||||||
Fedora: (another) proposal for extended supportFedora is a fast moving project. New releases are on a six month schedule and each release is supported for only 13 months. Every so often the topic of extending that support window is raised. LWN covered a lengthy thread on the fedora-devel mailing list last October. Now a new proposal from Jeroen van Meeuwen has cropped up on the mailing list. Fedora's cutting edge desktop is attractive to many, even in corporate environments. For those corporations that run Red Hat Enterprise Linux (or a derivative thereof) on their servers, Fedora provides a more up-to-date, yet compatible, desktop. Many of these corporations are willing to update their desktops once a year so, on the face of it, the thirteen month support window seems like enough. One can run Fedora N for one year and have one month in which to chose to upgrade to Fedora N+1 or N+2 and remain supported. However, things happen. Every now and then you just can't upgrade during that one month window and that leaves you unsupported for as long as it takes to schedule that upgrade. Having a slightly longer support window is attractive to many, so proposals keep cropping up, but it is hard to achieve in practice. Fedora Legacy was successful for a while, but eventually that project was abandoned. So one has to ask why another proposal would be successful now. The Extended Life Cycle (ELC) wiki page lists some good reasons for the proposal, but is more vague on how it will be accomplished. The proposal targets Fedora 12 as the first ELC release and calls for an additional six months of security updates after EOS (End of Service), so F12 would receive security updates for a total of of nineteen months. This is about half of the time one would run a RHEL (or derivative) distribution, keeping the desktop much fresher. However the proposal also notes:
Clearly those two points could create some problems. No one is suggesting that security fixes be backported, so some packages will break during those six months. If one of those packages happens to be Firefox or some other critical desktop component the whole ELC support falls apart. Of course different businesses will consider different applications to be "critical". There are other practical issues such as mirror space, CVS commit access, bugzilla maintenance, and more, which are listed on the wiki. Kevin Kofler notes on the mailing list:
We'd just need some minimal infrastructure effort, one person willing to do
the pushes (like you're doing for the supported releases) and everything
else would be "as is", if somebody wants something fixed, they'll have to
push the fix, if nobody cares, it won't be fixed. It isn't supported after
all. And no QA, if it breaks, you get to keep the pieces. Again, it's
unsupported, that means what it means. I still think it's better than not
getting any security fixes at all.
Kevin Fenzi adds:
I think it is worse. It causes people to have an expectation that something
will get security updates, and when it doesn't happen and they get
compromised, they will not be very happy.
According to the Fedora Objectives: "Fedora is not interested in having a slow rate of change, but rather to be innovative. We do not offer a long-term release cycle because it diverts attention away from innovation." Clearly any sort of ELC proposal goes against these stated objectives. Jesse Keating takes a look at how this proposal differs from Fedora Legacy:
First off, I think this is different from Fedora Legacy, or has
potential to. Legacy had a few very key fail points. 1) it was opt in.
Users had to know about it and actively enable it. 2) it was completely
done outside of the Fedora infrastructure. 3) Fedora's popularity was
very hit and miss, the type of people that would best use a Legacy like
service were too burned to give any Red Hat related offering a shot. 4)
RHEL4 (and its clones) were new enough for most of the people that would
use this service, and thus they went that way.
However he also notes (among other points) that there needs to be some clarification of what vulnerabilities will get security updates. Clearly a local denial of service is a far different beast than a remote privilege escalation. Updates need to be all or nothing. It can't be up to the developers to decide what applications are critical to all users. Fedora infrastructure continues to evolve and it could possibly be made to work for this proposal without too many major changes. This proposal is less ambitious than its predecessors, which is a point in its favor. It is also clear that this topic will continue to come up periodically until some solution is achieved. Whether it is this proposal or not remains to be seen. (Log in to post comments)
Fedora: (another) proposal for extended support Posted Jul 16, 2009 4:26 UTC (Thu) by qg6te2 (guest, #52587) [Link] Let's take a not-so-wild extrapolation as to how this latest proposal is going to end up. First, some facts:
The "longer life-cycle" proposal is going to be mulled over, and then quitely swept under the carpet.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 9:10 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]
A few things to consider:
* Majority of packages in Fedora are now maintained by volunteers
* Longer lifecycle in Fedora isn't going to reduce the revenue stream anymore than a free rebuild of RHEL itself would. The revenue model is commercial support and service agreements and not just the software itself. Otherwise, there wouldn't a chance against hundreds of free distributions, some of them with relatively longer lifecycles.
* Fedora is upstream or the basis of not just for RHEL but several other projects like OLPC or Moblin. OLPC's latest build for example is almost 100% Fedora. Whatever improvements made is pushed upstream aggressively and benefits all the other distributions as well.
* Considering point 1, even assuming what you claim is true, it wouldn't necessarily matter. Other organizations have been sponsoring infrastructure as well and all of it by policy free and open source
http://fedoraproject.org/sponsors
The actual barrier if anything is going to be the amount and nature of the work required and people in the community willing to do that. I have signed up since the proposal seemed more reasonable this time. Let's see if there is enough momentum to take it further.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 11:38 UTC (Thu) by nim-nim (subscriber, #34454) [Link]
> * Majority of packages in Fedora are now maintained by volunteers
As was stated many times during the Fedora Legacy era just because you don't get a Red Hat paycheck does not mean you're interested in supporting old and crufty systems. If that was the case EPEL would have the same coverage as Fedora.
It's interesting that the two Fedora derivatives you list (there are others) are also not interested in old systems and try to push the envelope just like Fedora.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 12:32 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]
By the virtue of a larger community of package maintainers, the agenda can be more diverse and if that community is interested in maintaining older versions, that is a possibility. The scope of the current proposal makes it more feasible than before. I think we are in terms of infrastructure, community and process in a much better state than Fedora Legacy.
EPEL is in a different boat. It is a relatively young project, many of the latest software won't build on older releases etc and not really comparable to a extension of a existing release by six months just for security fixes.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 5:13 UTC (Thu) by sbergman27 (subscriber, #10767) [Link]
The thing I find most satisfying and uplifting about this proposal is that for the first time in years... I don't have to care whether it works out or not. My migrations of all Fedora machines of any importance at my client sites to... another distro... are now complete. The storyline of the Fedora soap opera is no longer of concern to me or my customers. (Yea!) And that makes reading about yet another doomed attempt at extended support (which Red Hat will kill by simply ignoring it and refusing to donate so much as a pencil to the cause) surprisingly amusing. :-)
Fedora: (another) proposal for extended support Posted Jul 16, 2009 6:22 UTC (Thu) by Cato (subscriber, #7643) [Link]
Do tell us which other distro, and why... could be helpful for others at the risk of starting a flamefest.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 6:27 UTC (Thu) by Cato (subscriber, #7643) [Link]
My concern with this is that the extended support would need to be very solid (i.e. 100% of all packages get timely updates) - otherwise people would deploy Fedora for production servers in the expect of however many years support, and then get exploited.
The quote "I still think it's better than not getting any security fixes at all" is exactly wrong - thinking you are getting fixes is worse than getting none, as the latter makes people switch to a distro with security fixes.
For those who like the RHEL/Fedora type of distro, I think it currently comes down to the number of packages beyond the RHEL/CentOS list - if you only need a few that are not in a supported repository, you can use the excellent CentOS (or RHEL) and hand roll updates from upstream. If you need a lot, the cost of switching to a different distro with longer term support is probably less, depending on the value of your time.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 8:54 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]
Do you mean 100% of all packages in the repository? If there is a substantial interest, participation would be helpful.
Fedora: (another) proposal for extended support Posted Jul 16, 2009 21:10 UTC (Thu) by dowdle (subscriber, #659) [Link]
I'm a Fedora user (personal desktops), a RHEL user (production machines at work) and a CentOS user (hobby servers that don't need paid support). I have no desire for extended support for Fedora. It makes no sense whatsoever. The support you get is a new release every 6-ish months... and that is an insane amount of work already.
I would not like to encourage Fedora users to hang on to older versions of Fedora even if there were enough volunteers to keep building security updates for legacy versions... because that would splinter the user community into more versions of Fedora... and no matter how well the volunteers updated things, legacy releases would always be a second class citizen. There are already too many users hanging on to older Fedora releases without updates... and Fedora would be better to continue improving the version-to-version upgrade process.
Fedora is all about trying to keep up with the pace. If you want the long support, get RHEL and/or CentOS... or do what I do... use the right desired one for the desired job.
I do disagree with the idea that Red Hat would have the desire/ability to kill this proposal or to ignore it to death. If the Fedora community really wants it, I think it will happen. I'm just in the camp that doesn't want it.
Fedora: (another) proposal for extended support Posted Jul 17, 2009 14:22 UTC (Fri) by clump (subscriber, #27801) [Link]
Well said. Whenever I deploy Fedora I do so knowing there will be a high rate of change and that I can't expect to leisurely maintain the deployment. This has always been the realistic expectation of anyone that uses Fedora.
Like you, I respect the nature of Fedora. That means I update frequently, and migrate to the newest releases. There are plenty of alternatives if I didn't like doing this.
|
|
||||||||||||