Distributions
Funding Qubes OS
Qubes OS describes itself as "a reasonably secure operating system". At its core, it uses the Xen hypervisor to separate applications into isolated "qubes" that cannot interfere with each other. While Qubes OS has pushed the boundaries in desktop security, the company behind it, Invisible Things Lab (ITL), has not been as successful in achieving financial security. As a result, Qubes OS is taking a new direction that, its developers hope, will prove to be more lucrative.
As described in this news posting, the original funding model — beyond what ITL brought in with consulting — was a variant of the open-core approach. While Qubes OS is free software, the company tried to sell support for running Windows applications under AppVM as a proprietary product. Doing so required selling binary-only versions of GPLv2-licensed code. Companies wanting to sell proprietary licenses to free code often require either copyright assignment or the right to relicense the code from their contributors. ITL chose the latter option as can be seen on the Qubes OS License page, which says:
Contributors who didn't look closely might have been surprised to learn about the redefinition of Signed-off-by, especially since the page in question links to the kernel's SubmittingPatches document, which has no such provision. In any case, outside contributions do not appear to be a significant source of code for Qubes OS; a quick look at the Qubes core-admin repository shows that at least 90% of the commits there come from ITL employees. Qubes OS is, thus far, a single-company development project.
The AppVM-based business evidently failed to bring in enough revenue to justify it existence, though, so ITL de-emphasized it a little while back. The company credits the Open Technology Fund for supporting Qubes OS work for the last two years; there is no word on whether that funding is continuing into the future or not. Even if it does continue, it seems clear that this funding, while welcome, is not enough to sustain or grow Qubes OS at the level its creators would like.
Thus the new model: a "commercial edition" of Qubes OS that will meet corporate needs in ways that, it would appear, are still being worked out:
ITL insists that Qubes OS itself will remain an open-source project; it
will just be adding some proprietary bits around the edges. Much of this,
the posting says, may take the form of "custom Salt
configurations
" and, perhaps, some additional applications. So
users of Qubes OS (of which there are evidently about 20,000), need
not worry about it going away, especially if the commercialization effort
is successful.
What the company will not do, despite requests from some users, is offer complete systems with Qubes OS installed. That is a hard business and, in any case, there does not appear to be any available hardware out there that meets the company's standards for trustworthiness. It might be interesting to see whether there is a market out there for a complete system that has a higher-than-usual probability of staying under the owner's control, but that would almost certainly require a larger organization and budget than is available at this time.
The Linux distribution market is a hard place to play. Qubes OS does not emphasize its Linux roots, but that is the market it is operating in anyway. Many companies have tried to make a go at it, but few of them are still in business now. Like the Linux kernel itself, a distribution tends to be infrastructure that successful companies use to build some other sort of offering on, rather than a product in its own right.
ITL is now trying to create such an offering in the form of its corporate integration modules. With luck, the company will find success in that area without needing to let the free version of Qubes OS languish. ITL may also want to consider trying harder to build a community of contributors to the project, rather than trying to carry the entire burden on its own. There is certainly space for more secure operating systems; with stable funding and enough developers, perhaps ITL can continue working on one.
Brief items
Distribution quote of the week
> Note that QT is one of those that uses dlopen()/dlsym() when
> calling openssl functions (for license reasons).
No comment I could make about this would be acceptable in polite company. Or in impolite company. Or even during a sailor-class-cursing competition.
Fedora 25 released
The Fedora 25 release is now available "The Fedora Project is pleased to announce the immediate availability of Fedora 25, the next big step our journey into the containerized, modular future!" See the announcement and the release notes for details on the many changes in this release.
Distribution News
Debian GNU/Linux
Bits from the Stable Release Managers
The Debian Stable Release Managers are responsible for updates to the stable release (and old-stable while supported by the Security Team). These bits contain a reminder of what happens after the "stretch" release and how bugs in stable can be addressed. "In order to help improve our processes and provide earlier QA checks for uploads to stable, since our last d-d-a mail we've augmented our tools that generate the proposed-updates overview pages, to add support for binary debdiffs, piuparts results and Lintian checks (for both source and binary packages)."
BSP in Cambridge, UK, 27th-29th January 2017
There will be a Bug Squashing Party on January 27-29 in Cambridge, UK.
Fedora
openSUSE
Advanced discontinuation notice for openSUSE 13.2
SUSE support of openSUSE 13.2 will be ending around the middle of January.
Newsletters and articles of interest
Distribution newsletters
- Debian Misc. Developer News (November 25)
- Debian Project News (November 28)
- DistroWatch Weekly, Issue 688 (November 21)
- DistroWatch Weekly, Issue 689 (November 28)
- Lunar Linux weekly news (November 18)
- Lunar Linux weekly news (November 25)
- openSUSE news (November 23)
- openSUSE Tumbleweed – Review of the Week (November 18)
- openSUSE Tumbleweed – Review of the Week (November 25)
- Ubuntu Kernel Team newsletter (November 15)
- Ubuntu Kernel Team newsletter (November 29)
- Ubuntu Weekly Newsletter, Issue 488 (November 21)
- Ubuntu Weekly Newsletter, Issue 489 (November 28)
What’s new in Fedora 25 Workstation (Fedora Magazine)
Fedora Magazine has a brief overview of the changes to be found in the workstation version of the Fedora 25 release. "Wayland now replaces the old X11 display server by default. Its goal is to provide a smoother, richer experience when navigating Fedora Workstation. Like all software, there may still be some bugs. You can still choose the old X11 server if required."
FreeBSD quarterly report
The FreeBSD project has released its quarterly report for the third quarter of 2016. "Though 11.0-RELEASE was not finalized until after the period covered in this report, we can still have some anticipatory excitement for the features that will be coming in 12.0. The possibilities are tantalizing: a base system with no GPL components, arm64 as a Tier-1 architecture, capsicum protection for common utilities, and the CloudABI for custom software are just a few."
AV Linux Update: Good but Not Better (LinuxInsider)
LinuxInsider reviews AV Linux, a specialty distribution for audio/graphics/video enthusiasts. "This version ships with a custom RT kernel and JACK Audio Connection Kit. Its toolkit has Linux software developers in mind. It provides a strong development suite, and the leading audio/video/graphics applications either are included or available from the Debian or KXStudio software repositories."
Page editor: Rebecca Sobol
Next page:
Development>>