LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Open distro meta data

Open distro meta data

Posted Jul 30, 2009 14:37 UTC (Thu) by kragil (subscriber, #34373)
Parent article: Weirdness at CentOS

All distros should provide meta data about updates, CVEs fixed, VCS commits, etc in an open standardized format. That way an independent entity (like e.g. Distrowatch) could monitor the status of the project.

This data could really help make informed decisions based on facts about which distro to choose for a specific task and it probably help identify events or processes like this one before they are anouced.

( Similar: http://linux.com/community/blogs/Distro-comparison-data.html )

(Log in to post comments)

Open distro meta data

Posted Jul 30, 2009 14:58 UTC (Thu) by kragil (subscriber, #34373) [Link]

And obviously the meta data should include how many people are in charge ..

Open distro meta data

Posted Jul 30, 2009 19:38 UTC (Thu) by nevyn (subscriber, #33129) [Link]

Pretty sure all the data you'd want for RHEL is already published at Red Hat/security/data/metrics. And on a client machine a significant amount of that data is available to yum/yum-security so you can do "yum update-minimal --security" etc.

Of course that doesn't tell you what the window is for RHEL => CentOS, but that's been very small (the 5.3 update was/is the only real mark against them time wise, and that was just bugfixes).

And it's hard to compare that to Ubuntu etc. as they don't publish anything but PR statements saying they are much better than everyone else.

Open distro meta data

Posted Jul 30, 2009 20:55 UTC (Thu) by kragil (subscriber, #34373) [Link]

Red hat does a good job with regards to security and only security, but the data is not available from most other distros and the format is not good for aggregation.

I think all commercial vendors should get together and publish metadata about the work they are doing as open data.

A distrowatch-like website that can answer questions like:

"Which distro updated the kernel and bind the most and fixed its security issues the fasted in the last three years."

Currently the data for that is too hard to get from most distros. I think this data would give SLES, RHEL, Ubuntu, Debian a clear advantage over these fire and forget distros that just make a release and never do any maintenance.

Open distro meta data

Posted Jul 31, 2009 12:37 UTC (Fri) by jond (subscriber, #37669) [Link]

I wonder who would seriously make a decision based soley on that data, aggregated in one place. It would seem very daft to make a distro decision for any sized site based soley on criteria that can be aggregated (and presumably by unvetted, vendor-supplied data at that).

Open distro meta data

Posted Jul 31, 2009 22:28 UTC (Fri) by kragil (subscriber, #34373) [Link]

I wouldn*t pick a distro _soley_ based on this data, but I would probably discard a lot of distros based on it. That can be very useful too.

And I don't see any problem that is data would be vendor supplied. Lying would't work in a FOSS ecosystem.

Open distro meta data

Posted Aug 8, 2009 21:15 UTC (Sat) by dsas (subscriber, #58356) [Link]

The security release date can be checked by checking the date that the updated package was released.

Also I don't think anyone said anything about solely using that data to make a distro choice.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds