It is worth noting that, for as long as it lasts, the Fedora Project's security support is excellent. Updates are released quickly, and are easily tracked using yum, up2date, or apt.
When Fedora stops supporting a release, it "transfers" that release to the Fedora Legacy project. Fedora Legacy is not part of Fedora itself; it is, instead, a separate, community-based effort dedicated to making security updates available to older Fedora Core and Red Hat Linux releases. The project's policy, as stated in the FAQ, is to support old Fedora Core releases for two release cycles after the transfer.
When Fedora Legacy is working well, it is a highly useful service. With a simple tweak to a yum configuration file, it is possible to keep an older system current with almost no effort.
Unfortunately, the last update to Fedora Core 1 came out on December 3, 2004. Any Fedora Core 1 systems which rely upon Fedora Legacy for updates are currently vulnerable to holes in the kernel, xpdf, vim, KDE, PHP, sudo, etc. The process, it would seem, has been at a complete stop for over a month. We attempted to ask (via the posted contact address) what was going on, but got no response.
A look at the project's mailing list shows that there are still signs of life. There is an open issues document which is still being maintained; it shows a substantial number of packages needing updates, along with their bugzilla URLs. There was also one message about the stoppage and whether support for Fedora Core 1 had been dropped:
Keeping a distribution current with security patches is hard, tedious, and often thankless work. It's the sort of work that people tend to demand to be paid to do. Projects like Debian and Gentoo demonstrate that this job can be done, and done well, on a volunteer basis, however. But it would appear that the requisite effort is not there for the Fedora Legacy project. Without the needed resources - developer time, systems to build packages on, and testing - a project like Fedora Legacy will fail. People who care about the security of older Fedora Core distributions - and the long-term value of Fedora releases in general - might want to think about what they can do to help the Fedora Legacy project get its process restarted.
When the GPL'ed version of Quasar Accounting was announced last week by Linux Canada, Inc., we decided it was time to take a look to see if Quasar could give Linux users the features they need to do their accounting solely on Linux. We also interviewed Linux Canada's Phil Tonnellier about the application, and the decision to release parts of the application under the GPL.
The GPL'ed components of Quasar include its client and server accounting software. The point-of-sale components are not available under the GPL and require a commercial license. Still, the accounting software components provide all the features necessary for users who need to use Quasar for small business accounting.
Tonnellier said that the company chose to release Quasar under the GPL for several reasons. First, he said that the company "wanted to give something back" since the company had been using Linux for retail systems since 1995. He also said that there is a bit of pride in the product as well:
In addition, Tonnellier said that making the source code available was part of trying to build a strong reseller network for Quasar. As for keeping part of the code closed, Tonnellier said that the company's revenues have been primarily derived from sales to retail businesses, and that "most retailers requiring point-of-sale can easily afford the Quasar license fees, and indeed they may feel better knowing we have an income stream and will remain strong for them in the future."
Quasar requires a database backend, either PostgreSQL, Firebird or Sybase. Since MySQL is also extremely popular with the open source community, we asked Tonnellier why Quasar didn't support MySQL as well. According to Tonnellier, they didn't feel MySQL was quite ready in 2000 when Quasar development started:
Since Quasar has long been a closed-source application, we asked what kind of preparation Linux Canada had to do in order to release the code under the GPL. Tonnellier said that it was more complicated than just throwing the source out into the wild:
How does Quasar compare with QuickBooks? Tonnellier noted that Quasar is missing QuickBooks' payroll component, but that Quasar "has very powerful inventory control, including auto ordering and merchandise cost landing." A list of Quasar's features can be found on the Linux Canada website.
This reporter downloaded the Quasar packages for SUSE Linux 9.2 and took Quasar for a test drive. Linux Canada has provided source code and packages for Fedora Core, Mandrake, Red Hat, Slackware, and SUSE. We tested Quasar with the PostgreSQL backend, which was a bit tricky to set up initially, but once we got it working it was smooth sailing.
For Linux users who want an accounting package for individual use, Quasar is probably overkill. However, the package has plenty of features that make it attractive to small businesses that have to manage invoices, inventory, purchase orders, vendor payments and so forth.
The interface was fairly intuitive, even though this reporter is decidedly not well-versed in accounting. Quasar also includes an extensive online help system so that almost every window and dialog has an associated help file that explains the current operation. We did run into the occasional glitch, such as the Item Lookup dialog. When searching for a Department for an item, clicking on "New" brings up a "Department Master" dialog that refuses to accept user input until the Item Lookup window is closed. However, we didn't find many glitches of this nature.
Overall, Quasar is a decent accounting application that seems to have most of the features that a small business would need, excepting the payroll functions that Tonnellier alluded to. This is, of course, a feature that many businesses will still need to have, and will probably keep many businesses from turning to Quasar.
Despite the rough edges, we'd recommend that users evaluate Quasar to see if it would suit their needs. Since Quasar is now licensed under the GPL, the Linux community can help Linux Canada add the features and polish it needs to be competitive with proprietary accounting applications. Given the number of users and organizations that would benefit from, and have been looking for, an open source accounting software system, Quasar shouldn't have any shortage of developers willing to take it to the next level.
Senator Kevin Murray, from Los Angeles, has put forward a proposed law which would attack the dreaded scourge of peer-to-peer file sharing networks. In particular, the proposed law reads:
Of course, "peer-to-peer file sharing software" is a vague term, so Sen. Murray makes it even more so:
It does not require a particularly expansive reading of that language to conclude that, say, a Linux distribution with an FTP client or web browser meets that definition. The law does not address what "reasonable care" means, but, presumably, "no attempt whatsoever to prevent the distribution of proprietary materials" would not make the grade. The paranoid among us might well see an attempt to outlaw free software here... except for the little problem that this law would be equally applicable to any general-purpose, proprietary operating system.
This bill will most probably encounter a rough road, and, with luck, will not be passed. It is, however, another result of a view which is being encouraged by the entertainment industry (and others): software is an inherently dangerous tool which must be heavily regulated. Manufacturers and distributors of cooking knives, hand guns, gasoline, automobiles, etc. are not required to design their products in such a way as to prevent the commission of the obvious crimes which those products enable. But software is a riskier item, and cannot be trusted.
The free software community values the freedom it has: if we have a particular need, the only thing that stands between us and satisfying that need is the requisite hacking time. Increasingly, however, we are hearing that our code is illegal in some part of the world or other, regardless of its intent or legitimate uses. This problem is only likely to get worse as the Powers That Be try to get a handle on the strong, but relatively uncontrolled free software world.
Page editor: Jonathan Corbet
Copyright © 2005, Eklektix, Inc.