Establishing Digital Trust: Don't Sacrifice Security for Convenience
The release of Fedora 10, codenamed Cambridge, had been delayed following the security breach in the Red Hat Fedora infrastructure. The launch also comes as Fedora is in the spotlight after Red Hat claimed that the distro has over 9.5 million machines running its software -- a figure that it would make it the most widely installed Linux distribution.
Fedora insiders said the delay caused by the security breach didn't dramatically upset the distribution's launch timing.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i"If you look at our original schedule we were supposed to release around Oct. 28 and here we are, four weeks later than what we expected," Paul Frields, Fedora's project leader, told InternetNews.com. The outage itself lasted about three weeks, he added, "and during that time, our infrastructure team nuked our infrastructure and rebuilt the entire thing."
Frields explained that during the outage, the Fedora project ceased producing its RAWHIDE daily builds, which help to push development of the mainline release -- ultimately impacting the release date.
On the other hand, Frields argued that the infrastructure shutdown enabled Fedora to make some improvements to its backend infrastructure that otherwise might not have been possible.
"We reconstructed everything from scratch and after those three weeks, we really only lost a week on top of that compared to our original schedule," Frields said. "So we look at it as a fairly successful release overall, given the circumstances that we had to work with."
Fedora has not yet issued full details on the root cause of its breach, and whether or not it involved malicious hacker activity. Frields said Fedora plans on issuing a final report on the issue in the future, once it's fully detailed the problem. He added that producing a complete and accurate report is a priority for both himself and for the Fedora community.
Improvements in Fedora 10
While security for Fedora's own internal infrastructure is a key concern of the team, security also was a key theme in the Fedora 10 release as well.
A new security audit tool, called secTool, enables users to see if a system configuration has any security flaws. SecTool is also a framework that can be leveraged by users to build their own security tests.
Fedora 10 also helps to expand appliance options with its Appliance Tools technology, a feature that's intended to make it easier for developers and independent software vendors to build Fedora-based appliances. Appliance Tools include the ACT (Appliance Creation Tool) and the AOS (The Appliance Operating System), which is a stripped down version of Fedora.
The hope is that developers could use the tools to build virtual software appliance, LiveCD based appliances or even bare-metal hardware appliances.
As part of the appliance effort, Fedora also is launching a new branding effort, with a Fedora Remix logo that can be used by developers to identify their Fedora-based appliances -- similar to Intel's "Intel Inside" logo program. Frields noted that Fedora's inclusion of Appliance Tools is part of a larger open source effort to develop Linux-based appliances, which Red Hat is sponsoring with its new Thincrust.net project.
This article was first published on InternetNews.com.