biribiri11

joined 1 year ago
[–] biribiri11@lemmy.ml 14 points 1 year ago* (last edited 1 year ago)

It’s funny, because there was research done by UC Riverside which specifically figured out that LTS branches receive patches for CVEs significantly later than vendor-specific branches. Specifically:

Interestingly, we note that the picked CVE patches appear in distributions 74.2 days earlier than LTS on average;

They also conveniently left out the part of Greg KH’s opinion stating that he recommends the use of vendor kernels over stable/LTS branches, too.

I found this particularly funny:

It all comes down to a delicate balancing act between security and stability. Some top Linux kernel developers and CIQ are coming down on the side of security.

Now I know CIQ is “supposedly” different from Rocky, but what is CIQ going to do, break bug-for-bug compat and use stable kernels in their supported version of Rocky? This entire article feels like it doesn’t fundamentally understand that not all bugs (especially ones that lead to potential low-ranking CVEs) are worth patching.

[–] biribiri11@lemmy.ml -2 points 1 year ago (1 children)

Could always go for opt-out instead of opt-in metrics. Fedora had some recent controversy with it.

[–] biribiri11@lemmy.ml 27 points 1 year ago (1 children)

I wouldn’t place too much faith in the vetting process. As of right now, there are 2,034 members of the packager group of Fedora. None of them are required to have 2FA (or any real account security past a password), and the minimum requirements to join the group aren’t very high (contribute a package, pick up an unmaintained one, etc). Any of those 2,034 people can push malware to Fedora, and within a week, it’d be in stable repos.

Most of these distros are volunteer efforts. They don’t have the manpower to ensure the software supply chain remains secure.

[–] biribiri11@lemmy.ml 47 points 1 year ago* (last edited 1 year ago) (13 children)

That’s barely the tip of the iceberg, too. Currently, popular projects sit at:

31M for KDE

25M for GNOME

41M for Chromium

42M for Mozilla Firefox

17M for LLVM

15M for GCC

(Note that this metric includes comments and blank lines, by which measure Linux would count at 46M lines. Counts with blank lines and comments removed are also in those links.)

Even if a package was completely vetted, line-by-line, before it made it into a repo, would the maintainer need to vet every update, too? Every PR? Imagine the maintenance burden. This code QA and maintainer burden discussion was the crux of one of the most popular discussions on the Fedora devel list.

[–] biribiri11@lemmy.ml 6 points 1 year ago

Graphical environments are just programs just like any other.

They are in Fedora, too. It’s just that installing one DE on top of another can cause config file clashes (i.e. installing Plasma alongside GNOME means GTK apps will have a minimize button when logged into GNOME).

[–] biribiri11@lemmy.ml 5 points 1 year ago* (last edited 1 year ago)

Yes, all their images are purposefully normal Fedora atomic images with stuff tacked on top. Some of that stuff comes as just scripts to make management a bit easier, some of it comes in the form of utilities like distrobox. They also come with ZFS or proprietary Nvidia drivers or other things so you don’t have to manage them yourself, alongside Tailscale and RPM Fusion for nonfree stuff (like codecs). Some of them also have some light configurations, some of them have heavier configurations (especially in the case of Bazzite).

You can totally do everything ublue does from a stock Fedora atomic image. Ublue just makes it a little more convenient. A sort of “oh, well I was going to do that anyway”.

Here’s the base dockerfile. As you can see, it confirms all of the above.
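The layering pattern described in the comment above (a stock Fedora atomic base image, extra packages installed with rpm-ostree, a few helper scripts copied in, then committed as a new OSTree container image), written out as an added illustrative Containerfile. This is not ublue’s own file and is not taken from the original post; the base image tag, the release number, the repository URLs, the package list and the `scripts/` directory are assumptions chosen for the example.

```dockerfile
# Added example: a minimal "Fedora atomic + stuff on top" image build.
# Assumption: the Fedora Silverblue OCI image is used as the base; any
# bootable Fedora atomic image (Kinoite, Sericea, ...) works the same way.
FROM quay.io/fedora-ostree-desktops/silverblue:40

# Assumption: the release number matches the base image tag above.
ARG FEDORA_MAJOR_VERSION=40

# Third-party repos: Tailscale's upstream repo and RPM Fusion (free and
# nonfree) for codecs. These URLs are the projects' documented ones, but
# treat them as assumptions of this example, not of the comment.
RUN curl -fsSL https://pkgs.tailscale.com/stable/fedora/tailscale.repo \
        -o /etc/yum.repos.d/tailscale.repo && \
    rpm-ostree install \
        https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${FEDORA_MAJOR_VERSION}.noarch.rpm \
        https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${FEDORA_MAJOR_VERSION}.noarch.rpm

# The "utilities" layer: distrobox and tailscale as ordinary RPM layers.
RUN rpm-ostree install distrobox tailscale

# The "scripts" layer. Assumption: a scripts/ directory next to this
# Containerfile holding small management helpers the image ships.
COPY scripts/ /usr/bin/

# Light configuration: enable the Tailscale daemon in the image's
# default systemd presets so it starts on first boot.
RUN systemctl enable tailscaled

# Seal the layers into a new OSTree commit so the result is a bootable
# image that rpm-ostree rebase / bootc switch can consume.
RUN ostree container commit
```

Everything above is something a user could equally do after booting a stock atomic image (`rpm-ostree install`, dropping scripts into a local bin directory, enabling a unit); baking it into an image just moves that work to build time, which is the “oh, well I was going to do that anyway” convenience the comment refers to.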

[–] biribiri11@lemmy.ml 2 points 1 year ago

Part of your credit score is also the present. It’s more than a bit predatory, but not having any current financial responsibilities looks bad. For example, if you have no loans whatsoever but paid back a bunch in the past, there’s little evidence saying you can currently pay them off. At least, that’s the theory of it.

[–] biribiri11@lemmy.ml 1 points 1 year ago

I feel guilty even owning a house because it’s gotten so bad

It’s not like prices are going to rise forever. Market cycles are natural. There will be a crash, and there will be cheaper homes once again, and as long as the government is competent, random businesses won’t buy them all with the intent to rent them out to potential homeowners.

[–] biribiri11@lemmy.ml 0 points 1 year ago (3 children)

For the opponents, what is the proposed alternative?

I’d imagine this is the crux of the problem. Banks need some way to determine if someone will pay back their loans, and what better way than to tabulate their history of doing just that? Should banks be willing to take risks in a system with stuff like the 7 year rule?

[–] biribiri11@lemmy.ml 2 points 1 year ago (1 children)

SuSE and RH have their own legal teams who have combed through all of this and have decided not to chance it. Personally, I wouldn’t base a significant part of the foundation of any product on something as fickle as a Supreme Court ruling, especially when the product is something major from a group like SuSE or RH.

[–] biribiri11@lemmy.ml 3 points 1 year ago (1 children)

Yep, 41 unless something else happens: https://fedoraproject.org/wiki/Changes/AnacondaWebUIforFedoraWorkstation#Current_status. Not sure about the atomic desktops, though. F41 is also getting DNF5, so it’ll definitely be a cool release.

[–] biribiri11@lemmy.ml 12 points 1 year ago

The US’s Department of Defense is one of Red Hat’s biggest customers. Other than that, the US government theoretically uses Linux quite extensively, going as far as making significant contributions such as SELinux. It was mentioned already, but academia uses Linux a lot, too. I saw lots of machines at SLAC running CentOS 7.
