“This project is about people.” I think this sums up the Ubuntu project really well and was part of the introduction from Matt’s keynote presentation. The real importance–the real measure of our success–is the people within the project.
Matt showed a slide during his presentation that outlines how the Ubuntu release plan, development milestones and releases all point at the community. This is how Ubuntu has been so successful. The community comes first!
Based on the needs of previous releases Ubuntu 7.04 “Feisty” has been a huge success with many, many improvements. Ubuntu 7.10 “Gutsy”, which will be released in Oct, will support 3D-desktop, multi-monitor support, laptop power profiling and more OUT OF THE BOX. This is, again, based on much of the previous feedback from the community and the continued contributions.
A few things to point out about Ubuntu 7.04 “Feisty” on the server level that have led to its initial and continued success:
- First distro with VMWare paravirtualization
- Automated crash dumps with apport
- Fully automated command-line upgrades from previous release
- Secure by default (server: NO OPEN PORTS out of the box)
Some additional features being looked at for Ubuntu 7.10 “Gutsy” server:
- Turn-key web-based administration
- New one-step server recipies (tasks)
- Pro-active security with AppArmor
I know many people have wondered how the upgrade path will work between LTS releases. Matt reports that there will be an LTS to LTS upgrade option when the time comes for Ubuntu 8.04! This is very good news and I’m excited to see how it works when the time comes in early 2008.
Q : Will there be a future for SELinux in Ubuntu or will it strictly use AppArmour?
A : Currently AppArmor seems to be the best solution for Ubuntu at this point, but if there is enough feedback for SELinux we will look in that direction.
All in all a very good presentation by Matt Zimmerman, Canonical and Ubuntu’s CTO. The future looks bright for Ubuntu and it will continue to look that way based on your contributions.
apparmor is for kids, no wonder that ubuntu goes that way 😛
please wake up mdz, security is _not_ easy, you know it!
Turn-key web-based administration? That’s awesome! Any details… did he mean using Webmin or similar, or are they working on something new and shiny?
Paul – Ubuntu’s own shiny new product is in the works I believe. Can’t wait for the next LTS!
Re: AppArmor, this is pretty much spot on:
http://blog.drinsama.de/erich/en/linux/selinux/2007042101-apparmor-fud.html
Stoffe – thanks for the link; interesting read. Worth looking into. I am currently pretty familiar with SELinux (although I’m not a huge fan), but I don’t know much of anything about AppArmour. Beginning to look like SELinux, in my mind, is the lesser of two evils, but no likable solution yet.
Pingback: Diego’s Blog » News from Ubuntu Live Konferenz
I have to express my worry over a distribution choosing AppArmor over SELinux.
Ubuntu is choosing a security architecture with known flaws in its design with no signs of it being merged upstream over one that has been upstream for years and does not suffer from those known flaws. Why? Because people think AppArmor is easier?
The configuration and management for both tools suck. AppArmor will not be easier for the same people who find SELinux too hard to deal with.
SELinux with its type enforcement system is a technically correct and far more flexible solution with crappy user tools.
AppArmor is a technically flawed limited system with crappy user tools.
While I like Ubuntu as a desktop OS there is no way at this point I’d trust it for any serious server role. The lack of SELinux and other compiler and runtime based protections found in RHEL/CentOS make Ubuntu undesirable for anyone concerned with security.
I for instance can’t imagine trusting Bind to run on an Ubuntu server.
Anyway, thats just my point of view.