Natanael Copa
2013-May-21 09:30 UTC
Re: [alpine-devel] Stable and Secure Distribution Supporting Xen
On Tue, 21 May 2013 10:08:39 +0430 Richard Johnson <johnson9884@qq.com> wrote:> I''m choosing between Unix-based operating systems that support Xen. My criteria are the following: > > - Compatibility: I want to use this OS on a various set of commonly used hardware. I have restricted the CPU instruction set scope to x86_64, but there are a vast range of graphics cards out there.You will only be able to run open source drivers with Alpine Linux. Anything in mainline linux kernel should work though.> - Stability: The packages and kernel used must be stable versions. Many main distributions such as Debian and RedHat follow his strategy.We just released alpine v2.6. It uses kernel 3.9.y + grsecurity patches. Upstream claims its "stable". I think Debian and RedHat thinks otherwise. You will have to find the balance between new features (incl new hardware) and stability.> - Xen Stability: Stable Xen support is necessaryAlpine v2.6 comes with Xen 4.2.1.> - Security > > With these criteria in mind I have reached to the following distributions: NetBSD, Alpine Linux, FreeBSD, Debian and CentOS. I am currently using Alpine Linux which claims that it is designed with security in mind, however my recent Experience with it showed many bugs.Alpine Linux''s security strategy is to use Grsecurity patches and a hardened gcc toolchain (similar to gentoo hardened). The idea is to make it hard to exploit (unknown) security bugs, even in kernel. Since we are a relatively small distro and are fairly early to adopt new "stable" upstream releases and try stay closer to upstream, we might hit the bugs earlier than others. The number of new bugs seems to increase with every kernel release :-/ It would be nice if you could report the bugs you have found so we have a chance to fix them. https://bugs.alpinelinux.org Thanks! -nc