Looking forward to Fedora Core 2
The evolution of Red Hat Linux into Fedora has changed things. Red Hat may still guide Fedora with a firm hand, but the process is now being carried out in a relatively open manner, with input from the wider community. As a result, it is possible to develop a reasonable idea of what will appear in the Fedora Core 2 (FC2) release, which is now scheduled for April 5, 2004.
From the beginning, FC2 was destined to be based on the 2.6 kernel. It will thus likely be the first big-name distribution to be truly committed to 2.6, rather than just offering it as an option. There may be a backup 2.4 kernel available for systems that simply can't run 2.6, but its use will probably be rare.
FC2 is not stopping at adopting 2.6, however; this distribution will also be set up to use the NSA Security Enhanced Linux (SELinux) subsystem. SELinux is packaged with 2.6 (as a Linux security module), but actually making use of it is not just a matter of turning it on. SELinux is based on a complex, rule-based mandatory access control mechanism which requires that a whole set of rules and policies be created. To this end, Red Hat has hired Russell Coker, who got his start in this area doing SELinux work for Debian. Russell's SELinux work will show up in FC2, and, after the Fedora users have shaken out the bulk of the problems, in the Enterprise Linux Advanced Server products.
FC2 will also include full IPSec support, given that the requisite protocol support exists in 2.6. Not everybody is happy with the choice of IPSec-Tools for configuration and management, however.
A big issue on the fedora-devel list was whether GNOME 2.6 would make it into FC2. Nobody spoke against the idea, but Fedora leader Michael Johnson did point out one issue with GNOME and Fedora: how their respective schedules work together. GNOME tries to make releases every six months, while Fedora is trying to go a little faster than that. The result is that, sooner or later, Fedora will miss a major GNOME release and spend a few cycles catching up. Recent discussions suggest, however, that GNOME 2.6 will be in FC2. The FC2 release schedule should allow the developers plenty of time to incorporate the imminent KDE 3.2 release as well.
Web browsers are a topic of conversation. It may be hard to remember that, only a few years ago, the only real browser alternative for Linux was the proprietary Netscape 4.x release - and we were glad to have it. There are now so many browsers available for Linux that there is no real hope of including them all. For FC2, it looks like the choices may be Konqueror, Epiphany, and Mozilla. In the future, when Mozilla Firebird stabilizes somewhat, it may replace Mozilla "classic" in Fedora.
There have been a fair number of requests to drop sendmail in favor of a more secure mail transfer agent. Postfix would appear to be the preferred replacement. There does not appear to be a whole lot of desire within Red Hat to change the system's MTA, however, so sendmail looks likely to hang around for a while yet.
One user requested a natively-compiled version of the Eclipse development environment. That wish appears likely to come true; the FC2 schedule states that a number of Java components, compiled with GCJ, are on the list to be incorporated into the distribution.
There is a fair amount of interest in a "bare-bones" installation mode. A minimal install could be used for old and small systems, or as a base platform for a subsequent network install (much as Debian installations can be done). This "bootstrap" install option may well show up in FC2.
Some desired packages will be kept out as a result of licensing issues. Thus valgrind, though often requested, is off the list; it apparently suffers from software patent problems. MySQL 4.x is also an interesting problem; with the 4.x release, the license on the MySQL libraries was changed from the LGPL to the GPL. That change makes it harder to write proprietary applications using the libraries, which can be a concern for distributors (UserLinux is coping with similar issues). The MySQL 4.x library license, however, also blocks the use of MySQL with PHP, which has a GPL-incompatible license. A MySQL/PHP adaptor, as a derived product of both systems, cannot be distributed. So MySQL 3.x will likely be in Fedora Core for a while yet.
The actual Fedora Core 2 release will doubtless contain some surprises.
But it will be, by far, the most open release ever to come out of Red Hat.
This visibility into the development process will give Fedora users the
opportunity to be better prepared for future releases (a good thing, since
quick upgrades will be required to keep getting security patches) and to
have some influence on how the distribution is developed. It is too soon
to say whether Fedora will be a success, but the new approach to its
development is already showing some benefits for its users.
Posted Dec 18, 2003 13:53 UTC (Thu)
by brugolsky (guest, #28)
[Link] (2 responses)
With a viable and secure Linux alternative, the first bit of truly destructive Windows malware is going to accelerate Linux adoption on the corporate server/desktop, as well as in government. At the moment, the gaping hole in desktop security, even with SELinux, is the X server, and inter-client communication. There is a design paper on how to secure X, but AFAIK, no work has been done yet. Once SELinux is in widespread use, perhaps this will gain some attention.
Posted Dec 18, 2003 14:35 UTC (Thu)
by jamesm (guest, #2273)
[Link]
- The SO_PEERSEC patch which allows userspace applications to authenticate each other using SELinux (or other security) credentials in addition to pid/uid/gid.
- A userspace implementation of the AVC (access vector cache), which is the part of SELinux which makes security decisions.
Posted Dec 18, 2003 21:07 UTC (Thu)
by oak (guest, #2786)
[Link]
Posted Dec 18, 2003 14:57 UTC (Thu)
by havardk (subscriber, #810)
[Link] (3 responses)
Posted Dec 19, 2003 17:21 UTC (Fri)
by X-Nc (guest, #1661)
[Link] (2 responses)
Posted Dec 24, 2003 3:26 UTC (Wed)
by trustcommerce (guest, #7616)
[Link] (1 responses)
inetd was the "workhorse of the internet" and Red Hat wisely replaced it with xinetd a few versions ago. BSD lpd was the standard UNIX print system for decades, but they replaced it with CUPS recently. And Netscape Navigator was the standard UNIX browser for countless years, but they thankfully replaced it with Mozilla. Sendmail has had a good run, just like inetd, lpd, and Netscape Navigator. But now it's time to take it out back and put a bullet in its head to make room for a modern replacement like Postfix.
Posted Dec 26, 2003 2:05 UTC (Fri)
by dskoll (subscriber, #1630)
[Link]
Wrong. Until Postfix has the equivalent of Milter, I stick with Sendmail.
Posted Dec 18, 2003 19:25 UTC (Thu)
by bferrell (subscriber, #624)
[Link] (2 responses)
Posted Dec 19, 2003 19:06 UTC (Fri)
by tom_verbeure (guest, #5665)
[Link] (1 responses)
Posted Dec 23, 2003 5:48 UTC (Tue)
by bferrell (subscriber, #624)
[Link]
Posted Apr 6, 2004 13:04 UTC (Tue)
by barbersweb (guest, #20689)
[Link]
What is the scoop with this? Is there another article or something I missed entirely about these two not playing together nicely? Thanks,
SELinux should have a profound effect on security. With proper safeguards in place, one need not scramble like mad to get the latest buffer overflow patch in place within hours of its exploitation. With a little policy work (much of which Russell Coker already has in place), apps like Mozilla and Evolution can be confined from doing nasty things to user data (at least directly).
Work is being done on Security Enhanced X, but it is not something that will be ready soon. Some of the basic building blocks have been completed:
What about including systrace: http://www.citi.umich.edu/u/provos/systrace/ ?
Postfix has been included in RedHat/Fedora for a while, but sendmail will be installed by default in a new installation.
With any luck sendmail will remain the default MTA, too, for at least the next year. Yes, Postfix is all around better and yes, sendmail will likely continue to have some security blips (for a while at least) but the bottom line is that sendmail is the backbone for email on the 'net. Just like bind for DNS. Would I like to see alternatives replace these two old work horses? Sure. But not today.
Why? Postfix is pretty much drop-in replaceable for sendmail. The first thing I do on any Red Hat or Fedora install is "up2date postfix; rpm -e sendmail". Sendmail 1. sucks, 2. sucks, and 3. really sucks. Why keep it around?
> Why? Postfix is pretty much drop-in replaceable for sendmail
OK, I'll bite. What's the patent issue with valgrind? I didn't turn it up on a cursory google search. It looks to me like it's completely GPL, but IANAL
I don't know what the patents problems are with Valgrind, but if it's any help, it has absolutely nothing to do with GPL.
Patents are completely independent from the copyright license.
Ouch!! I usually don't make that type of mistake... I make other ones :)
"The MySQL 4.x library license, however, also blocks the use of MySQL with PHP, which has a GPL-incompatible license."
MJB