Fedora Might Start Dropping Packages With Consistently Bad Security Records
Written by Michael Larabel in Fedora on 8 August 2018 at 04:59 AM EDT. 14 Comments
FEDORA --
Fedora's Engineering and Steering Committee is mulling over the idea of dropping software packages from the distribution that have notoriously bad security track records.

With packages that have a poor security record particularly over being left unmaintained by their package maintainers for a variety of reasons or where the software upstream sources are not maintained and riddled with recurring issues, FESCo might start dropping these "unsafe" packages from the platform. With packages of software no longer maintained upstream, there are often other package alternatives to package. Meanwhile for a lot of the niche packages they may get introduced into the Fedora ecosystem by new package contributors but never properly maintained due to lack of interest, time commitments, etc. The ability to remove them in the name of security would address the issue of security tickets against these packages remaining open for extended periods of time.

FESCo hasn't come to a firm decision on this proposed process yet but will be discussing it at the upcoming Flock conference. Flock is happening the next few days in Dresden, Germany. More details on the "drop packages with recurring bad security" proposal can be found here.

At Monday's FESCo meeting they did approve better FPGA support for Fedora 29 as well as the TLS 1.3 GnuTLS plans.

Additionally, with Fedora 29, FESCo is now backing the introduction of an F29 Minishift Spin. Minishift is a software package for easily creating a single-node OpenShift cluster, particularly for trying out OpenShift locally. So with this new Fedora 29 spin it should be super easy to test out a deployment of Red Hat's container application platform.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Fedora News
Popular News This Week