| DistroWatch Weekly
|DistroWatch Weekly, Issue 221, 24 September 2007
Welcome to this year's 39th issue of DistroWatch Weekly! GNOME 2.20 is finally here and we can soon look forward to a range of releases from all the major distributions incorporating the new version into their products; Mandriva Linux 2008 is expected later this week, but openSUSE 10.3 won't be far behind. In other news: Fedora introduces a new desktop theme called Nodoka, Mandriva simplifies its product range before the upcoming release of version 2008, and Ian Murdock reveals some details about Project Indiana, Sun Microsystems' new Solaris-based desktop distribution. The featured story in this week's issue looks at the security and bug fix infrastructure in today's leading distributions, while those readers who were curious about DistroWatch's recent migration from FreeBSD to Debian GNU/Linux will find the answer in the "Site News" section. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in ogg (6.8MB) and mp3 (6.5MB) formats (many thanks to Jim Putman)
Join us at irc.freenode.net #distrowatch
Security and bug fix infrastructures in distributions
In the world of open source operating systems, what exactly is it that differentiates the "big boys" from the "also runs"? Why is one distribution considered "major" or "mainstream", while another keeps being looked at as just somebody's "hobby project", irrespective of how many satisfied users it has? While there are many different criteria one could pick to demonstrate the differences between the two groups, there are two features that I believe are important factors that shape the user's perception about any distribution: its security and bug tracking infrastructure.
Security updates and security mailing list. Critical bugs, buffer overflows and other potential exploits are part of any software developed today and open source is no exception. Serious problems are regularly found in the Linux and BSD kernels, as well as many widely used Internet applications. As such, many distributions have created dedicated security teams responsible for promptly fixing all newly discovered security problems and for issuing security advisories. Yet, it's surprising to see how many of today's Linux distributions pay little attention to security and merrily provide their users with an operating system that doesn't get patched in case a vulnerability is found in one of its components! Any distribution worth its salt should have a dedicated, read-only mailing list that sends security notifications to the user's inbox (no, a desktop update notifier is NOT enough, since some users might not run X window on their computers or they might run it with the notifier turned off).
Bug trackers. Open source software has changed the way users interact with software developers. Many projects nowadays maintain a bug-tracking facility (Mozilla's Bugzilla is the best-known one, but there are others) that not only allows users to report problems with the software, it also enables them to see whether any action has been taken to resolve the issue and even provides a way to discuss the bug with the developers in more detail. They also show that the developers care about their users' problems, and are confident enough to maintain a facility that lists bugs in their software. Granted, bug trackers aren't the only way of reporting software issues and some developers prefer to use mailing lists, forums or IRC channels to communicate with their users; nevertheless, they have proven themselves as the most sophisticated method for tracking and fixing bugs in open source software.
So without further ado, let's take a look at the list of the top 25 distributions (as per DistroWatch's Page Hit Ranking) and see which ones provide their users with dedicated security mailing lists and a public bug tracker.
Interesting reading. Some readers might argue that security updates and bug trackers are not really important in desktop distributions, where risks are comparatively low. Nevertheless, their existence (or lack of it) provides an interesting indicator about how complete and balanced a distribution is. Providing security fixes is a tedious, thankless task, much less glamorous than releasing new CD/DVD images with all the latest applications and countless new features. But this is exactly what separates the serious distro contenders from hobby projects. Finding time away from all the exciting work to provide their users with boring, but necessary work isn't always easy, but that shouldn't be an excuse for not doing it, particularly if the project cares about its users and if it wants to be taken seriously.
GNOME 2.20, Mandriva 2008 editions, Fedora's new Nodoka theme, Project Indiana
The biggest event on the open source software calendar last week was undoubtedly the release of GNOME 2.20, a popular desktop environment. What's new in the latest release: "Improved support for right-to-left languages; desktop search integrated into the file chooser dialog; convenient new features in the Evolution email and calendar client; enhanced browsing of image collections; simplified system preferences; efficient power management and incredibly accurate laptop battery monitoring. Developers receive more help with application development thanks to a new version of the GTK+ toolkit, improved tools, and a great new documentation web site." As has become tradition, Foresight Linux was the first distribution to integrate the latest GNOME into their product; released almost simultaneously with GNOME 2.20 last week was Foresight Linux 1.4 (an installation DVD based on rPath Linux) and GNOME 2.20 live CD.
Foresight Linux 1.4 - the first distribution shipping with GNOME 2.20 and OpenOffice.org 2.3
(full image size: 375kB, screen resolution: 1280x1024 pixels)
* * * * *
Mandriva has published an official press release announcing the upcoming release of Mandriva Linux 2008. It will come in three editions: a commercial Mandriva Powerpack (available as a box set or download from Mandriva Store), freely downloadable Mandriva One live CDs (with proprietary device drivers) and freely downloadable Mandriva Free (a traditional installation CD set or DVD without any proprietary components): "After the 2007 Spring edition, Mandriva Linux 2008 is the next major new release of Mandriva to take advantage of the faster 6-month development cycle. With this new release, Mandriva is upgrading its commercial offer around a single unified product: Mandriva Linux Powerpack. It integrates a unique set of commercial packages and services to offer a whole Linux solution. The best-seller Powerpack is the commercial edition of Mandriva Linux and the recommended extension for users of the community version." The press release does not include expected release dates, but according to the distribution's development Wiki page, Mandriva Linux 2008 is scheduled for release in just a few days - on Thursday, 27 September.
* * * * *
The Fedora project has launched what they call a series of feature previews as part of the build up to the Fedora 8 release. The first among them is an introduction to "Nodoka", Fedora's new default theme: "We managed to create something that has a sense of 3D, it uses soft gradients, the look is pleasant, not too much shiny or glossy - that's what I intended it to be and I am glad that we managed to make it so. The Metacity theme is however another tale. It's simple and fast, but it seems that I went too far with the simplicity. There are still some hiccups that need to be fixed. I have already in mind some improvements to it and I hope I will have time to incorporate the changes before Fedora 8 is released. And yes, it seems to work well both with Infinity and Mist, though I personally think that the best icon set for the Nodoka theme is Echo - it makes it look warmer."
* * * * *
Ever since Ian Murdock (the founder of Debian GNU/Linux) has taken a project management position at Sun Microsystems, we keep hearing about a new Solaris-based desktop distribution that is referred to as Project Indiana. But details have been sketchy - until now. Last week, Phoronix attended a presentation given by Ian Murdock with the goal of introducing Project Indiana to the public: "Among the advantages of Project Indiana is that it will use Sun's ZFS as the default file system, and Project Indiana will be taking full advantage of its abilities to create snapshots and perform rollbacks if something with the system's software goes wrong. With Sun's past work with the GNOME project, GNOME will be the desktop environment in Project Indiana, said Ian Murdock. He had gone on to reiterate several other points such as the single CD installation with network-based package management (likely powered by APT). Project Indiana will also be easier to acquire, as it will be available through mirrors that do not need registration and will be distributed via BitTorrent. Another goal of Ian's is also to modernize the command line."
|Released Last Week
KateOS 3.6 has been released: "The final version of KateOS 3.6 is now available. This new version contains hundreds of updated packages, lots of bugfixes, and many improved solutions. The most important new features in KateOS 3.6 are: software-driven system hibernation; a GUI installer (included in the LIVE edition); a new version of update-notifier; new start-up scripts which are accessible via the service command; better support for HP printers (via hplip); internationalization support in the whole system (using gettext); new French translation of the CORE installer and many system components; a new GUI network configuration tool; simplified CORE installer; several new packages such as Audacious and Pidgin; initrd has been replaced with initramfs." Visit the project's home page to read the full release announcement.
KateOS 3.6 - the live CD now comes with a graphical installer
(full image size: 638kB, screen resolution: 1280x1024 pixels)
Foresight Linux 1.4
Ken VanDine has announced the release of Foresight Linux 1.4, the first distribution to feature the latest GNOME 2.20: "The Foresight Linux Project is proud to announce the release of Foresight Linux 1.4. Foresight Linux is a Linux distribution for your desktop that features a rolling release schedule that always keeps your desktop up to date; a revolutionary package manager, Conary; the latest GNOME desktop environment and an innovative set of excellent, up to date packages. Foresight is proud to be the first distribution to ship with GNOME 2.20. Foresight Linux 1.4 features the latest GNOME mentioned above, including updates to Evolution email and calendar, Tomboy notes, Power Manager, Epiphany web browser, the GNOME Image Viewer, Eye of GNOME and more." Read the release announcement and release notes for further information and screenshots.
Kaella is a French Linux distribution based on KNOPPIX and localised into French. Version 3.2 is the first release that comes in the form of a live DVD, with 2 GB of supplementary applications (e.g. Amarok, Blender, Dia, Emacs, Evolution, Gramps, Inkscape, QCad, QEMU, Scribus, XMMS, games, etc.) and an integration of three free software projects - Dogmazic, GeeXboX and Compile Tux & Astux. Among other interesting software, Kaella 3.2 ships with OpenOffice.org 2.0.4, IceWeasel 184.108.40.206, IceDove 220.127.116.11, GCompris 8.3.2 and Tuxpaint 0.9.17. Apart from these new features, the distribution also includes the usual customisations, such as support for popular USB modems used throughout France and a number of Linux user guides and tutorials. Please read the complete release notes (in French) for further details.
BOSS GNU/Linux 2.0
The BOSS development team has announced the release of BOSS GNU/Linux 2.0, a Debian-based distribution with support for Hindi and Tamil: "BOSS version 2.0 successfully released. Finally our Indian GNU/Linux distribution is released on 17th September 2007 in the Connect 2007 program. Features: GNOME 2.18; Orca screen reader; Espeak; gDesktlets; Beryl 2.0 - an excellent 3D desktop; 2.6.21 kernel; on-screen keyboard support; OpenOffice.org 2.2 with support for two Indian languages (Hindi and Tamil), with plans to move to other languages as well; a pleasing desktop background and icons; enhanced BOSS presentation tool; complete Tamil and Hindi desktops; update manager for updating your BOSS to the latest packages." Read the release announcement and release notes for more details.
X/OS Linux 5.0
X/OS Linux 5.0, a distribution rebuilt from source RPM packages for Red Hat Enterprise Linux (RHEL) 5, has been released: "X/OS Linux 5.0 is now available for public download." From the release notes: "The X/OS Linux 5.0 package set for i386 systems is identical to the combined package sets of RHEL 5.0 Client and RHEL 5.0 Server, with the following exceptions: all updates released for RHEL5 up to August 7, 2007, have been included, this also includes additional packages, as well as the replacement of GAIM by Pidgin; the yum package has been updated to version 3.2.1, the version included with the RHEL 5.1 beta release, as the yum version (3.0.1) that was included with RHEL 5.0 contains serious problems; an installclass has been added to Anaconda, supporting various alternatives for installing X/OS Linux 5...." Read the release announcement and release notes for more information.
Denis "Jaromil" Rojo has announced the release of dyne:bolic 2.5, a multimedia live CD designed for media activists, artists and creative individuals: "After 6 months of development, this release stabilizes and updates the core system, also providing recent versions of most used software and some important new functionality. New features: writable NTFS support (ntfs-3g) now lets you save data and nest also on Windows NT formatted partitions, Firewire audio cards are now supported by Jack (Freebob); nesting capability is made even easier to operate as nests can be mounted without reboot; new software: Ekiga, Guarddog and Wireshark plus all the gtkpython and wxPython libraries; text console usage is enhanced by a fully functional mail setup with Mutt, msmtp, Fetchmail, Procmail, and SpamAssassin; graphical desktop repair button and a mount utility for SSH accounts...." Read the full release notes for more details.
Sabayon Linux 3.4 "miniEdition"
Fabio Erculiani has announced the release of Sabayon Linux 3.4 "miniEdition", a single-CD variant of the Gentoo-based desktop distribution: "We are happy to announce Sabayon Linux 3.4 'miniEdition'. Sabayon Linux x86/x86_64 'miniEdition' is a CD release of the latest Sabayon Linux x86/x86-64 DVD. The creation of this special edition, has been made with an automatic script that shrinks down the whole chroot jail by removing every duplicated, useless or server-oriented package. The multimedia features of this special edition are kept intact. Distribution updates: improved OpenGL configuration reliability; NVIDIA driver updated to 100.14.19; CompizFusion stability fixes (will be soon enabled by default on supported hardware); boot time 15% faster." Read the brief release notes for more information.
Sylvie Migneault has announced the final release of AliXe 0.11, a SLAX-based live CD featuring the Xfce desktop: "It is my pleasure to announce that the CD of AliXe 0.11 is now finalized. AliXe v0.11 is a bilingual (English and French) live CD based on SLAX, including the Xfce window manager with GTK+ applications. In addition to the correction of bugs and package updates, the CD has had a major transformation and most of the modules have been re-created. This work had two goals: to facilitate the task of remastering the live CD and to write a comprehensive HOWTO. Changes: various problems with localization were corrected; xine, Totem and Audacious were removed, while MPlayer, Gnome MPlayer and Beep Media Player continue to be provided for audio and video playback; MPlayer audio bug fixed; upgraded Firefox 18.104.22.168, Pidgin 2.2.0 and Parted 1.8.8; added Dia 0.96.1." Read more in this brief changelog.
* * * * *
Development, unannounced and minor bug-fix releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
From FreeBSD to Debian GNU/Linux|
After last week's DDoS attack on DistroWatch.com and the subsequent server operating system switch from FreeBSD to Debian GNU/Linux, many readers have asked about the reasons for this move. Did I lose my trust in FreeBSD? Or were there other reasons that prompted the move? With such questions being asked both in the DistroWatch forums and in emails filling my inbox during the week, I thought it would be best to answer them here, rather than replying individually to each person who wanted an explanation.
First thing first: no, I have no problem with FreeBSD as an operating system. Ever since I started running DistroWatch on a dedicated server, I always used Debian - until November 2004, that is, when I switched to FreeBSD. The reason? I needed some features in PHP 5 which was not yet officially supported in the then stable version of Debian. With Debian GNU/Linux 3.1 "sarge" in perpetual delay, I decided to switch to what many consider to be one of the best server operating systems on the market - FreeBSD.
Then last week came the devastating DDoS attack. When the technician responsible for the server finally disconnected the server from all outside traffic, he found that no services were responding on the server. His solution was to bring in a new hard disk, install a fresh copy of FreeBSD and mount the existing hard disks to investigate the problem. That's exactly what he did, so finally I was able to connect to the server and start getting the web site back online.
And there I was - looking at a very basic FreeBSD installation. With my first priority being the need to get DistroWatch up and running as soon as possible, I was about to start configuring the system, installing the necessary ports, and restoring the essential services. Normally, I'd consider this a fairly enjoyable task, were it not for the fact that it was getting late and I was feeling increasingly tired. "Ah, if only it were Debian and not FreeBSD," I told myself, "everything would be up and running in a snap!" Then, rather than spending a better part of the night setting up a fresh FreeBSD installation, I decided to ask the technician to install Debian instead.
And that's the simple explanation for the switch: setting up a Debian system is just so much faster than setting up a FreeBSD system. Even if one would choose to run a binary FreeBSD (as opposed to taking advantage of FreeBSD's famous ports), it would still take longer than with Debian. An example: let's install the NTP server on both operating systems. In Debian, issuing "apt-get install ntp" not only downloads and installs the application, it also starts the NTP daemon, synchronises the system clock with one of the servers from the pre-configured configuration file, sets up logging, and sets up NTP to start at boot. Contrast that with FreeBSD where, after compiling NTP, you would have to do all these tasks manually - not a difficult job, but still considerably more time consuming than the same on Debian. This is just one example - there are many others.
At the end of the day, the decision between running a Debian server and a FreeBSD server is fairly simple: if you want to run the latest software and have the time to baby-sit your server (remember that on FreeBSD, most security updates require compiling the kernel or the userland or both), then choose FreeBSD. But if you want to set up your server and then pretty much forget about it, then Debian is a better choice. With not having any special reason for wanting to run the latest and greatest, Debian seemed to me like an ideal solution.
One final observation that might interest some readers: the daily Page Hit Ranking updates is generated from log files by a bash script, which is launched by cron every day just after midnight GMT (it counts the clicks for the previous day, then performs all the necessary additions and divisions on the data before generating the HTML tables). On FreeBSD 6.2, the script normally completed its run in about 40 minutes. On Debian 4.0, the same now takes about 130 minutes. You draw your own conclusions!
* * * * *
New distributions added to database
* * * * *
New distributions added to waiting list
- 7linux. 7linux is small, fast distribution built from scratch. Its main characteristic are: use of 7z compression, pkgtools from Slackware, Enlightenment and KDE desktops.
- Greenie Linux. Greenie Linux is a Slovak distribution based on Ubuntu. It is intended as easy-to-use operating system localised into Slovak and Czech.
* * * * *
DistroWatch database summary
And this concludes the latest issue of DistroWatch Weekly. The next instalment will be published on Monday, 1 October 2007.
|• Issue 581 (2014-10-20): SparkyLinux 3.5, Fedora's graphics stack, Debian and systemd, OpenBSD 5.6|
|• Issue 580 (2014-10-13): Rolling releases, Arch as best distro, GNOME on Wayland, MINIX 3.3.0|
|• Issue 579 (2014-10-06): PC-BSD 10.0.3, Debian's Jessie freeze, setting up home server|
|• Issue 578 (2014-09-29): Calculate 14, Debian's default desktop, Shellshock vulnerability, practical Tiny Core|
|• Issue 577 (2014-09-22): SymphonyOS 14.1, FreeBSD drops pkg_add, MINIX on ARM, GNU screen|
|• Issue 576 (2014-09-15): PCLinuxOS 2014.08, Mint's documentation, Debian's hardware database, CDE|
|• Issue 575 (2014-09-08): Porteus 3.0.1, Fedora's blivet-gui, Red Hat's Docker, systemd|
|• Issue 574 (2014-09-01): Ubuntu Kylin 14.04, Haiku and Linux kernel, Wayland support, Lumina, Bash completion|
|• Issue 573 (2014-08-25): SolydXK 201407, VPN gateway with FreeBSD, Ubuntu MATE, Raspbian, trusting binary packages|
|• Issue 572 (2014-08-18): ZFSguru 10.1, Fedora's Flock, beta installer for "Jessie", Ubuntu Core, rolling releases|
|• Issue 571 (2014-08-11): HandyLinux 1.6, LMDE update, default desktop in "Jessie", running out of disk space|
|• Issue 570 (2014-08-04): Neptune 4, Kubuntu's KDE Plasma 5, FreeBSD and UEFI, Linux servers|
|• Issue 569 (2014-07-28): Deepin 2014, Ask Fedora, Gentoo and LibreSSL, encrypted package downloads|
|• Issue 568 (2014-07-21): Antergos 2014.06.24, Mint based on Debian stable, upgrading CentOS, BinaryTides|
|• Issue 567 (2014-07-14): Manjaro 0.8.10, PC-BSD jails, Debian and glibc, Fedora's DNF, Xiki and Opera 24|
|• Issue 566 (2014-07-07): LXLE 14.04, OpenBSD's SimpleDE, openSUSE artwork, home security basics|
|• Issue 565 (2014-06-30): Chakra 2014.05, Fedora on BeagleBone, Matthew Miller interview, e-book readers|
|• Issue 564 (2014-06-23): Antergos 2014.05.26 and Q4OS 0.5.11, Debian LTS and glibc, Fedora DNF|
|• Issue 563 (2014-06-16): Mint 17, CentOS 7 pre-release, Debian MATE, accessing encrypted content|
|• Issue 562 (2014-06-09): GoboLinux 015, Gentoo interview, Fedora leader change, climagic tricks|
|• Issue 561 (2014-06-02): OpenMandriva 2014.0, Debian GNU/Hurd, Lubuntu and LXQt, Final Term, TrueCrypt|
|• Issue 560 (2014-05-26): KaOS 2014.04, Wayland and KDE 5 on Fedora, distros with commercial support, DenyHosts|
|• Issue 559 (2014-05-19): VortexBox 2.3, LTS-only Linux Mint, FreeBSD 11 ambitions, KDE 5 beta|
|• Issue 558 (2014-05-12): RHEL 7 Workstation impressions, LXQt and Lumina, Haiku interview|
|• Issue 557 (2014-05-05): Xubuntu 14.04, Ubuntu 14.10 roadmap, Fedora Workstation, ownCloud|
|• Issue 556 (2014-04-28): Ubuntu 14.04, LibreSSL, Lumina desktop, Deepin interview|
|• Issue 555 (2014-04-21): Robolinux 7.4.2, Ubuntu release day stats, Debian security, Porteus update|
|• Issue 554 (2014-04-14): Review of FreeNAS, OpenSSL bug, Fedora.next, Robolinux Stealth VM, measuring memory|
|• Issue 553 (2014-04-07): Puppy 5.7 "Slacko", end of Ubuntu One, file encryption with GPG|
|• Issue 552 (2014-03-31): Tanglu 1.0, Ubuntu GNOME LTS, SliTaz for ARM|
|• Issue 551 (2014-03-24): Linux Mint "Debian" 201403, call for end to proprietary firmware, LVM|
|• Issue 550 (2014-03-17): Review of NixOS 13.10, Lubuntu seeking feedback, Android-x86 4.4-rc1 impressions|
|• Issue 549 (2014-03-10): ClearOS 6.5 and UCS 3.2, Gentoo interview, Ubuntu app contest, Into the Core|
|• Issue 548 (2014-03-03): Review of Mageia 4, FreeBSD console driver, filtering web content, Pitivi fundraiser|
|• Issue 547 (2014-02-24): Chakra 2014.02, Ubuntu privacy, preventing unwanted remote logins|
|• Issue 546 (2014-02-17): Review of PC-BSD 10.0, Red Flag closure, Ubuntu and systemd, SlackE18, Fedora book review|
|• Issue 545 (2014-02-10): Impressions of FreeBSD 10.0, Debian votes systemd, Ubuntu file manager, server security|
|• Issue 544 (2014-02-03): Netrunner 13.12, openSUSE future, Ubuntu Touch in emulator, running commands in multiple places|
|• Issue 543 (2014-01-27): Review of Korora 20, FreeBSD 10.0, DNF, ZFS rescue CD, Bridge Linux interview|
|• Issue 542 (2014-01-20): QupZilla, Ubuntu with MATE, Arch on Raspberry Pi, best applications|
|• Issue 541 (2014-01-13): openSUSE 13.1 and Zentyal 3.3, CentOS joins Red Hat, Bodhi on Chromebooks|
|• Issue 540 (2014-01-06): SMS 2.0.6 and SME Server 8.0, Hawaii desktop, PHR statistics 2013, more on multi-part archives|
|• Issue 539 (2013-12-23): Centrych 12.04.3, Fedora 20 and its spins, dividing archives across multiple discs|
|• Issue 538 (2013-12-16): Mint 16 review, RHEL and CentOS 7 plans, SteamOS, Windows XP replacement suggestions|
|• Issue 537 (2013-12-09): OpenMandriva 2013.0, Gentoo developer interview, project Neon, Linux Mint and security|
|• Issue 536 (2013-12-02): Impressions of openSUSE 13.1, Ubuntu Touch, FreeBSD 10 delay, troubleshooting OS lock-ups|
|• Issue 535 (2013-11-25): GhostBSD 3.5, Debian and MATE, Ubuntu 14.04 features, security updates|
|• Issue 534 (2013-11-18): Review of OpenBSD 5.4, Fedora on ARM, menu names vs command-line names|
|• Issue 533 (2013-11-11): Point Linux 2.2, Pisi update, Debian and Xfce, Bruno Cornec interview|
|• Issue 532 (2013-11-04): Ubuntu and Kubuntu 13.10, Debian's init, FreeBSD's PKG-NG, Linux on ARM|
|• Issue 531 (2013-10-28): PC-BSD 9.2, openSUSE testing, nftables, upgrade pros and cons|
|• Issue 530 (2013-10-21): Kwheezy 1.2, DPL interview, Zenwalk's future, keeping up with vulnerabilities|
|• Issue 529 (2013-10-14): Ubuntu's Mir, dmesg and photorec tips, Tiny Tiny RSS|
|• Issue 528 (2013-10-07): Semplice 5, Haiku package management, Klaus Knopper interview, making custom distro|
|• Full list of all issues|