Upstream projects vs. Distributions

Filed under
Linux
Software

You can globally split open source projects into two broad categories. Upstream projects develop and publish source code for various applications and features. Downstream projects are consumers of this source code. The most common type of downstream projects are distributions, which release ready-to-use binary packages of these upstream applications, make sure they integrate well with the rest of the system, and release security and bugfix updates according to their maintenance policies.

The relationship between upstream projects and distributions is always a bit difficult, because their roles overlap a bit. Since I’m sitting on both sides of the fence, let’s try to find common ground.

Overlapping roles

In an ideal world, everyone would install software through distribution packages, and the roles wouldn’t overlap. In the real world though,

rest here




More in Tux Machines

OpenBSD Gets Mitigated For Meltdown CPU Vulnerability

  • OpenBSD Gets Mitigated For Meltdown CPU Vulnerability
    A few days back FreeBSD 11 stable was mitigated for Meltdown (and Spectre vulnerabilities), which came more than one month after these nasty CPU vulnerabilities were disclosed while DragonFlyBSD was quickly mitigated and the first of the BSDs to do so. While OpenBSD is known for its security features and focus, only today did it land its initial Meltdown mitigation.
  • Meltdown fix committed by guenther@

    Meltdown mitigation is coming to OpenBSD. Philip Guenther (guenther@) has just committed a diff that implements a new mitigation technique to OpenBSD: Separation of page tables for kernel and userland. This fixes the Meltdown problems that affect most CPUs from Intel. Both Philip and Mike Larkin (mlarkin@) spent a lot of time implementing this solution, talking to various people from other projects on best approaches.

    In the commit message, Philip briefly describes the implementation [...]

France Proposes Software Security Liability For Manufacturers, Open Source As Support Ends

It sometimes seems as though barely a week can go by without yet another major software-related hardware vulnerability story. As manufacturers grapple with the demands of no longer building simple appliances but instead supplying them containing software that may expose itself to the world over the Internet, we see devices shipped with insecure firmware and little care for its support or updating after the sale. The French government have a proposal to address this problem that may be of interest to our community, to make manufacturers liable for the security of a product while it is on the market, and with the possibility of requiring its software to be made open-source at end-of-life. In the first instance it can only be a good thing for device security to be put at the top of a manufacturer’s agenda, and in the second the ready availability of source code would present reverse engineers with a bonanza.
