As the power pendulum swings towards developers and open source, from sys-admins and proprietary software, respectively, Linux Distributions are faced with a challenge. How do they get more relevant to the new power brokers?
Over the years, application and web developers have made it clear they are uninterested in packaging their applications if it requires them to do things beyond their normal languages and tool-chains. They are also not particularly interested in consuming their dependencies via distribution packaging tools if it requires a lag in availability, the developers packaging the libraries, and/or learning the packaging software tools beyond the most rudimentary level. Developers have also made it clear that the way software is packaged, normally targeted at production installations, is very cumbersome when using it for development (e.g. the perennial 'setenforce 0').
Many people interpret the above as "developers don't care about security or the trustworthiness of their dependencies." However, this is a mistake. Developers do not ever want to be the person listed as the problem when a major breach occurs. On the flip side, their "bosses" (actual bosses, software communities, professors, etc) set and enforce deadlines that do not allow for the time to muck about with things not directly related to their application development.
What can distributions do? Well, how about they stop providing a distribution. Instead, they can provide an operating system and a set of content. Where the "things" found in the operating system part are packaged in the traditional manner and provide all the traditional guarantees. However, the "content" is provided in the native formats developers are used to and the guarantees, where possible, are provided through other mechanisms.
This talk will discuss the work taking place in the Fedora, CentOS, and Red Hat EL communities to address these challenges.
Download: PDF ODP
Watch the video!
The presentation materials (PDF, ODP) are licensed under the Attribution-ShareAlike 4.0 International and this html is licensed under a Creative Commons Attribution 4.0 International License.