On 1/5/20 12:09 PM, gorked wrote:
I thought Fedora was the free publicly available version of the test bed
for Red Hat Linux? That is Fedora being the version that will become
Red Hat?
The way I remember Marek explaining it (and correct me if I'm wrong,
Marek) is that choosing Fedora was mostly chance bc that's what he was
used to at the time.
You are right that Fedora is a test bed for Red Hat, and it has some
pretty serious downsides as a result. Foremost is that TPTB don't allow
Fedora to cryptographically sign their top level repository manifests.
This means that any MITM attacker can pick which packages don't receive
updates, even though the overall update proceeds in an apparently normal
manner.
Virtually all other distros that are half-way popular sign their repo
metadata so that any MITM attempts can be prevented.
More downsides are that less quality testing occurs, packages of all
types (and sizes) get 'dumped' into the update stream much more
frequently, and the more flagrant mistakes with Red Hat's in-house tech
like Systemd land right in users' laps (I've found that Debian's Systemd
releases are less bug-ridden than Fedora's).
I though CentOS and Oracle Linux were free publicly available versions
of the current stable versions of Red Hat?
Those are two distros came much later on, and they weren't under control
of Red Hat (although RH did take over CentOS a few years back).
And that basically Red Hat is from only free software sources?
Excepting some folks might add non-free Firmware drivers if they chose?
Seems like the stable version of Red Hat, renamed something else to make
the Linux OS available for free, would be more secure.
The problem with both RHEL and CentOS is that they're the opposite of
Fedora: Very staid, and non-security updates come slowly. That's a
problem for Qubes since it spent 5+ years charting new territory in the
hardware features + Linux/Xen compatibility matrix.
I actually think a better overall distro for Qubes is Debian, which is
available as a Qubes template (but not for dom0). The reason is that its
'serious' and well tested/supported, but also has layers that allow you
to install and try newer more experimental versions of software. Due to
it popularity, Debian also has more software to choose from in its
repositories. (An example of this in action:
https://groups.google.com/d/msgid/qubes-users/e050ed1e-181a-45b4-89be-b8250c1924fc%40googlegroups.com
).
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/99920ce0-7e77-584a-0a50-16306783b0b7%40posteo.net.