Gentoo 2005.0 All About Security

The Gentoo Linux "meta distribution" has released its first snapshot release of the year, version 2005.0.

Gentoo considers itself to be a "meta distribution," which means it allows users to pull packages that will provide a customized distribution. The Gentoo Portage system has a tree of over 6,000 packages that are used to build a user's Gentoo Linux OS.

A Gentoo release is essentially a "snapshot" of the stable packages that exist at a particular time in the stable Portage tree. The 2005.0 release updates most packages to the latest available stable version, though there was a particular impetus to make this release due to a number of security issues.

"It is really just a culmination of all the work put into Gentoo since November, when 2004.3 was released," Chris Gianelloni, Gentoo Linux Release Engineering Strategic Lead, told internetnews.com.

"We decided to postpone the release to do a security rebuild mostly because there were several remotely exploitable security flaws in several high-profile packages, like kdelibs and mozilla-firefox."

Red Monk Analyst Stephen O'Grady said the security updates in Gentoo 2005.0 are a key improvement.

"The most important facet of the 2005.0 release to me is the attention that has been paid to securing the release out of the box; this emphasis on security is time well-invested," O'Grady told internetnews.com.

However, the latest versions of the GNOME 2.10 and KDE 3.4 desktop environments are not included in 2005.0.

"We do not include any packages that are not marked stable in the tree. Both Gnome 2.10 and KDE 3.4 were released after we made our snapshot," Gianelloni explained.

The 2005.0 release also marks the beginning of a new six-month release cycle for the Gentoo snapshots, up from the previous marker of three months.

"We found that releasing every three months gave us little gain for quite a large amount of work," Gianelloni said. "Also, with the longer release cycle, it allows us to do more inventive things that would otherwise be impossible to test in the limited amount of time. We typically release on a set cycle since we aren't bound by package releases in the tree."

Six months is also a release target for a number of other open source projects. For example, Novell's SUSE Linux Professional currently releases every six months, as is the aim for GNOME. MandrakeLinux also tends to issue its releases around a six-month time frame. Red Hat's Fedora Core releases more often and is likely set for three releases in 2005.

"The stable release cycle simply makes things more predictable, for some people. This is enough to increase adoption," Gianelloni said. "However, I really feel that it will take more than that. We currently have a server project [that is] working at creating a special 'stable' version of the portage tree, designed for server usage. This tree will have stable package versions and will only be updated for security fixes."

Gianelloni said in his view, the "stable" version of the portage tree will be more in line with what other distributions are doing and will make it easier to certify software against a particular version of "stable" or "enterprise" Gentoo.

Currently though, Red Monk's O'Grady feels that Gentoo is already doing a good job at keeping pace with commercial distros.

"As far as keeping pace with commercial distros, my feeling is that the Gentoo team does an excellent job keeping up with the crushing volume of new projects and packages; you can find nearly everything you need in Portage, usually for multiple architectures," O'Grady said. "There are instances where it's a bit behind in some specific areas but for the most part the Gentoo team does an excellent job of keeping pace and even being out in front."

"I think you'll see us branching out into many areas," Gianelloni said, including the embedded space. "I know that there is increased effort on both servers and the embedded space; more effort has been going into moving more of the hardened packages into Gentoo as defaults, plus there's the installer project and the work they're doing on building a true mass-deployment tool for Gentoo."

Mr. Kerner's story.
