RealTime IT News

Security Breach Can't Halt Fedora 10's Debut

Red Hat Fedora
Despite a security breach earlier this year, Red Hat is out today with its tenth release of the Fedora Linux distribution, promising new open source security, virtualization and appliance-building technologies.

The release of Fedora 10, codenamed Cambridge, had been delayed following the security breach in the Red Hat Fedora infrastructure. The launch also comes as Fedora is in the spotlight after Red Hat claimed that the distro has over 9.5 million machines running its software -- a figure that it would make it the most widely installed Linux distribution.

Fedora insiders said the delay caused by the security breach didn't dramatically upset the distribution's launch timing.

"If you look at our original schedule we were supposed to release around Oct. 28 and here we are, four weeks later than what we expected," Paul Frields, Fedora's project leader, told InternetNews.com. The outage itself lasted about three weeks, he added, "and during that time, our infrastructure team nuked our infrastructure and rebuilt the entire thing."

Frields explained that during the outage, the Fedora project ceased producing its RAWHIDE daily builds, which help to push development of the mainline release -- ultimately impacting the release date.

On the other hand, Frields argued that the infrastructure shutdown enabled Fedora to make some improvements to its backend infrastructure that otherwise might not have been possible.

"We reconstructed everything from scratch and after those three weeks, we really only lost a week on top of that compared to our original schedule," Frields said. "So we look at it as a fairly successful release overall, given the circumstances that we had to work with."

Fedora has not yet issued full details on the root cause of its breach, and whether or not it involved malicious hacker activity. Frields said Fedora plans on issuing a final report on the issue in the future, once it's fully detailed the problem. He added that producing a complete and accurate report is a priority for both himself and for the Fedora community.

Improvements in Fedora 10

While security for Fedora's own internal infrastructure is a key concern of the team, security also was a key theme in the Fedora 10 release as well.

A new security audit tool, called secTool, enables users to see if a system configuration has any security flaws. SecTool is also a framework that can be leveraged by users to build their own security tests.

Fedora 10 also helps to expand appliance options with its Appliance Tools technology, a feature that's intended to make it easier for developers and independent software vendors to build Fedora-based appliances. Appliance Tools include the ACT (Appliance Creation Tool) and the AOS (The Appliance Operating System), which is a stripped down version of Fedora.

The hope is that developers could use the tools to build virtual software appliance, LiveCD based appliances or even bare-metal hardware appliances.

As part of the appliance effort, Fedora also is launching a new branding effort, with a Fedora Remix logo that can be used by developers to identify their Fedora-based appliances -- similar to Intel's "Intel Inside" logo program. Frields noted that Fedora's inclusion of Appliance Tools is part of a larger open source effort to develop Linux-based appliances, which Red Hat is sponsoring with its new Thincrust.net project.

Beyond appliances, virtualization also gets a boost in Fedora 10 with the new VirtRemoteInstall tool. Frields explained that the tool extends the capabilities of virtualization on Fedora, making it easier for admins to create virtual machines on remote hosts. VirtRemoteInstall is an extension of the Fedora-developed libvirt technology, which is an open source wrapper for managing virtualization.

Libvirt is used by other Linux distributions, including Ubuntu, as a key part of its virtualization feature set.

"Libvirt abstracts away the underlying hypervisor technology, so that you can use the same tools to manage your virtual machines -- whether they are based on Xen or KVM," Frields said.

Overall, Frields is very confident in the features that Fedora 10 is offering. It's a confidence that is based on past experience with features like libvirt.

"I feel that we have an incredibly healthy community and we know we are providing great features because they end up in every other distribution," Frields said. "We're happy that things work that way -- it's the open source way. If another distro uses a Fedora-developed feature, it puts it in front of more users, and then we can improve it faster."