I'd love to see the Foundation have a more active role in improving Gentoo. We actually have a fair amount of money in our rainy day fund, though pressures with some of our sponsors are forcing us to dip into that a bit more heavily than we've had to in the past. I think a challenge here is how to do this while preserving the community that we have. Many FOSS communities have suffered when previously volunteer work became compensated.

Mint, Ubuntu and online banking



At the end of November some Linux news sites picked up and ran with a mailing list post made by a Canonical employee, Oliver Grawert. The post, which talks about Linux Mint, makes the statement that the Mint developers purposefully hold back security updates to their distribution: " I would say forcefully keeping a vulnerable kernel, browser or Xorg in place instead of allowing the provided security updates to be installed makes it a vulnerable system, yes. I personally wouldn't do on-line banking with it. " Grawert links to a file in the Linux Mint code repository which he claims contains a list of packages which " will never update ".



Unfortunately Grawert did not fully understand the nature of the file to which he linked. The file contains a list of packages which may be updated and the number next to each package name indicates how stable the Mint developers consider the package to be. Packages with numbers 1, 2 & 3 next to their names are packages which are updated by default. Packages marked with a 4 or 5 are packages which are not automatically marked for upgrade due to stability concerns, but the user can choose to install these upgrades as well if they think it necessary. In other words, Grawert was incorrect on two points. First, the updates are not forcible kept off the system, the user has the choice as to which updates they wish to apply. Second, the distribution's web browser is not a package marked as unstable. The Firefox browser is marked as a level two update, meaning it gets upgraded by default.



Other Ubuntu developers apparently also misunderstood the nature of Mint's update process. Benjamin Kerensa, for example, stated, " It is unclear why Linux Mint disables all of their security updates although to some degree they have tried to justify their disabling of kernel updates by suggesting that such updates could make a system unstable. " Kerensa went on to say security updates for Firefox are sometimes delayed, adding, " This puts Linux Mint users at risk and is one of the key reasons I never suggest Linux Mint to anyone as an alternative to Ubuntu. " The idea that Mint disables security updates is, of course, incorrect.



These statements sparked off the sort of distro war many Linux users love to read about and comment on. Quotes and commentary spread around and Linux Mint's founder, Clement Lefebvre, eventually saw fit to make a statement. He pointed out that Linux Mint uses the same Firefox package the Ubuntu distribution does, meaning there is no delay between when Ubuntu gets a web browser update and when Mint users receive the same update. He also explained Mint's policy of filtering unstable security updates and how users can choose to install these potentially troublesome packages. Clem went on to say, " I personally talked to the legal department at Canonical (for other reasons, they're telling us we need a license to use their binary packages) and it is clear they are confused about LMDE and Mint. They don't know what repositories we're using and they don't know what we're doing. "



In a follow-up blog post Grawert responded to the generated controversy, pointing out his views on Linux Mint are his personal opinions, not the views of Canonical. He also suggested that this back and forth of statements had revealed a potential issue which could be addressed. " Hey Clem! So how about we take a look at this and improve that situation for you, obviously something in Ubuntu doesn't work like you need it, Canonical puts a lot of time and money into improving the QA since about two years. I think it would be really helpful to sit down and look if we can improve it well enough for both of us to benefit (Ubuntu from your feedback and you from improvements we can do to the package quality). " In a later comment Clem stated that he is open to looking at how Mint organizes security updates and making changes following the release of Linux Mint 16.



I bring up all of this back and forth between the Ubuntu developers and the Mint team to highlight a few points. One is that while many people in the Linux community enjoy a good controversy and fight (often resulting in pointless flame wars) this is typically not representative of open source projects themselves. Many developers are more interested in getting things done, either independently or collaboratively) than arguing. What started as a casual remark on a mailing list a month ago may, in fact, end up helping both the Linux Mint and Ubuntu distributions. These two projects are not so much in competition as they are symbiotic.



My second point is that this exchange brings to light a problem which many developers seem to have. Quite often developers of one distribution are not aware of the features, policies or designs of other projects. Many Linux (and BSD) developers appear to be ignorant of the practices of other projects and I think this is unfortunate. Distributions should be borrowing ideas and technology from each other, but too frequently we see duplication of effort. Too often we see distributions struggling with problems which have been solved elsewhere. It is my hope that more developers will do as Grawert and Clem did last week and try to benefit from working together.



Third, and I think this is a point other Linux news websites are ignoring, Clem claims he has been asked by Canonical's legal department to license the binary packages used by Ubuntu. To me this is a scary thought. Ubuntu is a base distribution for many projects, some of them (such as Mint and Kubuntu) are quite successful. Clem's statement makes me wonder if Canonical has approached other open source projects about licensing the right to access Ubuntu's package repositories. If so, what might follow? Would derivative distributions need to pay to use Canonical's packages? How would Canonical enforce such a policy, with lawyers, by blocking access to the repositories if a user isn't using Genuine Ubuntu? Canonical would certainly have the right to restrict access to its packages, they are on Canonical's servers after all. However, most Linux distributions are quite open about allowing anyone to access their software repositories and I wonder if Canonical might be acting in a short-sighted manner if they are trying to license access.



With these thoughts in mind I contacted Canonical and asked if they could shed any light on the issue. At the time of writing I have not received a reply. An e-mail to the Linux Mint project asking for details yielded much better results. Clement Lefebvre responded the following day and, while he wasn't able to go into specific details as talks with Canonical are still on-going, he was able to share a few pieces of information. When asked if Canonical was hoping to collect a fee for using their binary packages, Clem responded, " Money isn't a primary concern. Although the original fee was in the hundreds of thousands pounds, it was easily reduced to a single digit figure. The licensing aims at restricting what Mint can and cannot do, mostly in relation to the OEM market, to prevent Mint from competing with Canonical in front of the same commercial partners. "



Clem went on to indicate Canonical has not offered any threats nor discussed enforcing any licensing terms. When I asked what Mint's plans were concerning the licensing deal Clem answered, " We don't think the claim is valid (i.e. that you can copyright the compilation of source into a binary, which is a deterministic process). With that said, Ubuntu is one of Mint's major components and it adds value to our project. If we're able to please Canonical without harming Linux Mint, then we're interested in looking into it. As negative as this may sound, this is neither urgent nor conflictual. It's a rare occasion for Canonical and Linux Mint to talk with one another and although there are disagreements on the validity of the claim, things have been going quite well between the two distributions and both projects are looking for a solution that pleases all parties. "



* * * * * Now a question for the readers. Last year I performed a series of reviews on open source NAS projects. Each NAS solution was evaluated on how easy it was to set up, features, stability and the user interface. In the coming weeks I hope to perform a similar side-by-side comparison of various server distributions. Each open source server operating system will be set up as though it were being used in a home or small office environment. Distributions will be evaluated on how easy they are to install, the steps needed to enable certain services, performance and ease of maintaining the server. My question is which server distributions would you, the readers, like to see evaluated? At the moment I have a list which includes Debian, CentOS, Ubuntu, Slackware and probably one of the BSDs. Should you have a distribution you feel should be on the list, please e-mail your suggestion(s) to jessefrgsmith@yahoo.ca.



