
Re: [Xen-users] [alpine-devel] Stable and Secure Distribution Supporting Xen

On Tue, 21 May 2013 10:08:39 +0430
Richard Johnson <johnson9884@xxxxxx> wrote:

> I'm choosing between Unix-based operating systems that support Xen. My 
> criteria are the following:
> - Compatibility: I want to use this OS on a varied set of commonly used
> hardware. I have restricted the CPU instruction set scope to x86_64, but
> there is a vast range of graphics cards out there.

You will only be able to run open source drivers with Alpine Linux.

Anything in the mainline Linux kernel should work though.

> - Stability: The packages and kernel used must be stable versions. Many main
> distributions such as Debian and RedHat follow this strategy.

We just released Alpine v2.6. It uses kernel 3.9.y + grsecurity
patches. Upstream claims it's "stable". I think Debian and RedHat thinks

You will have to find the balance between new features (incl new
hardware) and stability.

> - Xen Stability: Stable Xen support is necessary

Alpine v2.6 comes with Xen 4.2.1.

> - Security
> With these criteria in mind I have reached the following distributions:
> NetBSD, Alpine Linux, FreeBSD, Debian and CentOS. I am currently using Alpine
> Linux which claims that it is designed with security in mind, however my
> recent experience with it showed many bugs.

Alpine Linux's security strategy is to use Grsecurity patches and a
hardened gcc toolchain (similar to Gentoo Hardened). The idea is to
make it hard to exploit (unknown) security bugs, even in the kernel.

Since we are a relatively small distro and are fairly early to adopt
new "stable" upstream releases and try to stay closer to upstream, we
might hit the bugs earlier than others.

The number of new bugs seems to increase with every kernel release :-/

It would be nice if you could report the bugs you have found so we have
a chance to fix them.


