Summary: Suggestions to Red Hat, whose commitment to transparency has eroded somewhat and needs prodding for
TECHRIGHTS runs on top of CentOS, which relies on Red Hat for its updates. Earlier this week at work I was told that CentOS had not released patches since December, whereas RHEL patches are released at a pace of several per week. This may make one wonder about the new Scientific Linux, which might one day outpace CentOS and replace it as the de facto RHEL clone.
Red Hat defends its dubiously obfuscated patches by pointing the finger at Oracle, but let's face it; it is often said that the most widely used distribution of GNU/Linux is the quiet giant, CentOS. Many Web hosts run it and they are not alone, sector-wise. Nobody knows just how many servers run CentOS, but it's probably many millions. Red Hat can improve its bottom line by sticking a cork in CentOS and preventing access to RHEL-targeted patches. Oracle would be a convenient Goliath to blame, but is it really as dangerous as Red Hat wants us to believe while Red Hat's financial numbers keep hitting new record highs?
The subject of transparency at Red Hat was addressed here quite recently and Techrights will continue to pressure Red Hat to rectify these issues, both by explaining the Acacia settlement [1, 2, 3] and by providing GPL-friendly patches to those who require them. The GPL is designed to avoid exclusion, even if that means allowing Oracle to embrace other people's work.
As we pointed out this morning, Novell is trying to take advantage of Red Hat's practices, hoping to sell Microsoft-taxed SLE* at the expense of/instead of RHEL (there is also a peripheral article about it now). Who would that benefit?
Comments
David Gerard
2011-04-02 23:34:41
We're going to VM-based hosting. Oracle want €£300 to run Solaris on non-Oracle hardware for a year. So we're going Linux.
The hosting company offered RHEL or ... Ubuntu server. We went Ubuntu 'cos we like Debian and it's close enough for our purposes. (IT'S JUST RUNNING JAVA.)
Supporting all the hardware ever is a big plus for RHEL ... but not so much if people are hosting in VMs. And you know, Ubuntu is free as in beer too. (And you don't have to put up with the hideous Unity interface on a server.)
Dr. Roy Schestowitz
2011-04-03 00:10:04
BenderBendingRodriguez
2011-04-03 09:20:55
http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/
http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/
Granted, it was written in September, but I really doubt that Debian has changed security-wise.
twitter
2011-04-04 18:03:12
There's a lot to recommend Debian. Complexity is itself a flaw that leads to exploitation and Debian sensibly avoids this unless forced. Debian also is one of the most package rich and platform diverse distributions, diversity that is both useful and protective. When and if there's a problem, the Debian community can and will deploy these alternate tools.
Dr. Roy Schestowitz
2011-04-04 18:14:31