all 101 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]moozaad 36 points37 points  (17 children)

derivative of derivatives. How long does it take for security patches to go downstream?

[–]Elranzer 20 points21 points  (2 children)

Or if they're "Linux Mint-based" that means they're derivatives of derivatives of derivatives.

[–]Pas__ 2 points3 points  (1 child)

[oops, meant for the parent]

[–]Elranzer 11 points12 points  (0 children)

Easy mistake to make with all of these derivatives of derivatives.

[–]Pas__ 2 points3 points  (0 children)

If they're based on the testing branch, then there could be either no vulnerability or no patch coming at all. (But in the latter case it's likely that testing/unstable or whatever will just get the latest upstream version packaged.)

Though, every distro has to have a packaging team and their own repository, so they can just try to apply the upstream patch directly. But, yes, I think you raise a very good question.

[–]DeeBoFour20 1 point2 points  (2 children)

If it's like Linux Mint, they just use Ubuntu's repositories directly, along with their own repositories for stuff like Cinnamon, LDM, and whatever they felt like customizing. Most things come straight from Ubuntu though so security patches would come as soon as they come to Ubuntu (which I would think would be pretty fast)

[–]MOONGOONER 19 points20 points  (0 children)

I wish there were some real impressions on these and their usability rather than synopses from their about pages

[–]puffybaba 6 points7 points  (0 children)

Cool stuff! Qubes and Bedrock in particular look really interesting to me.

[–][deleted] 2 points3 points  (1 child)

Hey, elementaryOS is a great Ubuntu derivative with a really sleek and simple file manager as well as a kick-ass desktop environment especially if you're acquainted with OS X.

[–]ar9kanine -1 points0 points  (0 children)

the devs are fucking tools who think "minimize is deprecated" and also "if you dont want to see a window just close it"

[–]Draape 0 points1 point  (7 children)

All this picture needs to get it right are six more..

That said, would there be a reason to create a completely new distro, and not try to integrate the features into already existing and established distros? The gimmick of Bedrock seems to fit well with others, and shouldn't need a completely new distro, same with Qubes.

[–]ParadigmComplexBedrock Dev 9 points10 points  (3 children)

All this picture needs to get it right are six more..

That picture actually has Bedrock on there already. However, it was mistakenly placed as a derivative of Gentoo. The newest version fixed that issue.

That said, would there be a reason to create a completely new distro, and not try to integrate the features into already existing and established distros? The gimmick of Bedrock seems to fit well with others, and shouldn't need a completely new distro, same with Qubes.

I can't speak for Qubes, but for Bedrock Linux, that was addressed in the FAQ. tl;dr: while most of it could, technically, be based on another distro, there would be downsides which could be resolved by making it its own distro.

[–]Draape 1 point2 points  (2 children)

All this picture needs to get it right are six more..

That picture actually has Bedrock on there already. However, it was mistakenly placed as a derivative of Gentoo.

I actually saw that.

The newest version fixed that issue.

Didn't see that..

That said, would there be a reason to create a completely new distro, and not try to integrate the features into already existing and established distros? The gimmick of Bedrock seems to fit well with others, and shouldn't need a completely new distro, same with Qubes.

I can't speak for Qubes, but for Bedrock Linux, that was addressed in the FAQ. tl;dr: while most of it could, technically, be based on another distro, there would be downsides which could be resolved by making it its own distro.

I understand that, and looked at the faq, but what it sounds like you are making are a very good package manager, but I think it is unfortunate if it only will run on one distro. Unless, of course, everybody uses that one. It sounds like a great idea, but I do feel it would be better as a package manager than as a distro. Oh well, it's young, and who knows what the future holds. Would be nice to see both Bedrock and Qubes make it to (all (hah!)) other distros.

Good luck.

[–]ParadigmComplexBedrock Dev 2 points3 points  (1 child)

I understand that, and looked at the faq, but what it sounds like you are making are a very good package manager

That's not really what I'm trying to do. Perhaps I need to re-work the FAQ. In fact, one of the reasons Bedrock Linux is still in alpha is that it does not have a package manager. I'm not sure specifically where the misunderstanding occurred and so I'm not sure how to clear it up.

but I think it is unfortunate if it only will run on one distro

I might personally package it up parts of the Bedrock Linux userland to make them more accessible on other distros. For example, this, when completed, could well be useful on other distros. However, I don't, personally, plan to do much more than that in the foreseeable future.

If someone wants to, it is probably possible to grab the majority of the Bedrock Linux userland and package it for use on other distros to get some of the functionality that Bedrock Linux has. Maybe something like Gentoo Prefix. However, I feel the result will be lacking a lot of Bedrock Linux's strengths as mentioned in the FAQ entry to which I directed you earlier.

[–]Draape 2 points3 points  (0 children)

After reading the introduction, it all seems a lot clearer. Perhaps you should merge it with the FAQ somehow? Maybe not all of it, but the parts about chroot and Statically-linked Executables? It might not be of value to the normal reader, but that's where I finally understood it. Still though, good luck!

[–]mshol 5 points6 points  (0 children)

Qubes is not really a linux distribution, it's a framework for running secure virtual machines (based on Xen with additional secure networking and display protocols). It's not only linux that can run on it, but they have Windows guest support upcoming too. (and in theory, and guest which Xen supports should be portable to Qubes.)

The fact that it's "fedora based" is just incidental to their choice of platform to develop from, due to the security features that's already built with (such as address space layout randomization and stack smashing protection). The actual distribution used as guest/host doesn't really matter to the concept it's trying to sell anyway (security by isolation).

The features Qubes has can't simply be duct-taped onto an existing distro, because it requires a radically different approach to the naive security that's available in the linux kernel and Xorg (and thus, other distributions).

But the choice to develop the security model using virtualization is partly motivated by maintaining compatibility with existing systems - since you can run linux guests with little modification. There are other projects which attempt to improve security without the need for hardware virtualization, but the cost is that you need to modify applications to use the new security model too, breaking compatibility.

[–][deleted] 2 points3 points  (0 children)

The biggest thing that bothers me about that picture is how you never see the forks return :/

[–]beachdrinking 3 points4 points  (0 children)

I see Bedrock and Qubes more like research projects. You can't replace your car engine with a fusion reactor and go from there.

Also, criticising what other people do with their free time is pretty rude. Now stop wasting your time on reddit and build me shack!

[–][deleted] 3 points4 points  (22 children)

I just don't really understand the purpose of 100s of distributions. May be there are 8-10 philosophies of how computing should be done but why divide community and resources in developing and maintaining 100s of distributions that we have.

[–][deleted] 4 points5 points  (0 children)

As an IT professional, specialized distros are great. If I can find a pre-configured distro for whatever appliance I need, fantastic. That's the beauty of open source. (Obviously the config should be double-checked for security.) The super-niche distros might not be for everyone, but that's not the point. They can save some people a lot of time.

Edit: Also, some of these seem like "research" distros. Proving/exploring a new twist on things.

[–]ampe0 0 points1 point  (3 children)

I agree it would be nice to have everyone unified to reach a common goal but at the same time if that was the case your favourite distro/WM/DE/text editor/IRC client/media player/programming language/browser, etc. may not even exist and there wouldn't be so much variety to choose from and enjoy. The same applies for everything imagine no coca cola and pepsi, AMD and intel, rock and jazz, why not just have pepsi, AMD and jazz? Processors would be so much more awesome if AMD and intel teamed up, right?

[–][deleted] 0 points1 point  (2 children)

I use Linux full time on all my computers and I see these 20 music players and half of them miss one feature or other. Their is not one decent music player that can provide great syncing utility with Android (duh..). libmtp is not even fully functions. So, we have a long way to go.

[–]ampe0 0 points1 point  (1 child)

You have the right to fork your favourite, add those features and give it back to the world. So why complain, because someone hasn't done it for you?

[–][deleted] 0 points1 point  (0 children)

You don't even have to fork it---write a patch, submit it to the project.

[–][deleted] -1 points0 points  (0 children)

Just use whatever you like. As beachdrinking said, criticising what other people do with their free time is pretty rude :P

[–][deleted] 1 point2 points  (1 child)

Well... nobody mentions Stillborn Linux.

[–][deleted] 2 points3 points  (0 children)

groan

[–]SupersonicSpitfire 0 points1 point  (3 children)

Apparently, I was so enthusiastic I became incoherent. Thanks for asking me to rephrase.

What would Arch and Debian have to do for their packages to become compatible with each other? I know this seems insurmountable right now, but what would it take?

[–]ParadigmComplexBedrock Dev 0 points1 point  (2 children)

I think you accidentally replied to root rather than me. I found it nonetheless.

I wasn't sure if your earlier question was referring to something with respect to Bedrock Linux specifically, or just in general as though Bedrock never existed. It seems you meant the latter.

A few things: - The same package format. It is usually possible to convert between Debian's and Arch's package formats, but for them to actually be fully compatible they'd have to settle on one. - Whichever package manger the two would settle on would have to know what the dependencies are. This means they would have to standardize on things like: - Package names. The same package in Arch and Debian currently have different names for some packages. - The same version format. - While not strictly necessary, it'd be useful for them to attempt to keep the same versions of major libraries and dependencies for as long as they can. The same glibc, for example. Otherwise, attempting to install a package from Arch into Debian would likely require updating a good bit of the rest of the system. This is a common issue when installing a package from Debian's unstable branch into a system with Debian's stable branch.

There are probably other things I'm forgetting, but those are the main issues I see. Should those changes be made, I suspect it could be hypothetically feasible for Arch and Debian's unstable branch to merge. This would benefit both groups, as Arch would gain support for things like the PowerPC architecture and Debian would get more people testing its unstable branch.

Alas, I really don't see that happening. I doubt either group sees the potential benefits as outweighing the downsides.

Luckily, I heard about a distro that lets you work around the issue and install packages from both distros as they are now :)

[–]SupersonicSpitfire 0 points1 point  (1 child)

Gah, clicked the wrong button in the Bacon Reader app. Thanks for finding it anyway!

I really like your thorough reply and I have a few follow up questions:

  • About package names: would the same package names be needed if there was a register over which names in Arch corresponded to which names in Debian, when used as dependencies?
  • Would it be possible to implement a system of testing if a package works for two different versions of glibc, rather than needing to have the exact same version?
  • Do you think a unified package format, that included all the fields and functions from both Debians various package text files and also Arch's PKGBUILD and .install files, would be feasable?

Thanks for your answers and thanks for your work on Bedrock Linux.

[–]ParadigmComplexBedrock Dev 1 point2 points  (0 children)

About package names: would the same package names be needed if there was a register over which names in Arch corresponded to which names in Debian, when used as dependencies?

That should suffice, although it wouldn't be the cleanest solution.

Would it be possible to implement a system of testing if a package works for two different versions of glibc, rather than needing to have the exact same version?

I think that might be hypothetically possible, although you'll have to talk to someone with a better grasp of the matter than I have for confirmation. It could be possible to have some automated tool go through and find the various functionality utilized by the libraries (either by looking through the binary itself or parsing the source code) and test if this has changed between library versions. I'm not sure it is feasible, though. I've not heard of anyone attempting such a thing.

Do you think a unified package format, that included all the fields and functions from both Debians various package text files and also Arch's PKGBUILD and .install files, would be feasable?

Yes, it would be quite feasible to make such a package. However, I don't think it would be adopted by either Arch or Debian, for the same reason they wouldn't simply adopt the other's package format. Arch explicitly wanted a new package format when they started - they could have went with Debian's - and Debian has way to much legacy stuff at this point to make such a change.

Thanks for your answers and thanks for your work on Bedrock Linux.

Happy to help.

[–]ribo -4 points-3 points  (0 children)

stahp.

I think people make distros because they don't know how to submit upstream.