Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Jan 2015 16:19:54 +0300
From: croco@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Re: Owl future

Solar, All,


On Tue, Dec 30, 2014 at 06:32:13AM +0300, Solar Designer wrote:
>
> On Mon, Dec 29, 2014 at 10:38:36PM +0300, (GalaxyMaster) wrote:
> 
> > unjustified.  In my opinion, we are approaching a point where it's just
> > much easier to take the best we have in our distribution and apply it on
> > top of a modern, mainstream one -- and my guess is that we won't lose
> > much.  Maybe, this is what we should do after all.
> 
> Let's look at this differently: what was the value of Owl so far?

Well, I'd like to say right here that for me, Owl always was THE distro
which is guaranteed to be kept (1) unbloated and (2) conservative, saving
my time and effort.

That is why for server use I even don't consider anything else.  If I only
need to set up a server (or a router) to be controlled remotely via CLI
(and that's how servers and routers are to be controlled, period) I use
Owl.

The point to note specially here is that this is not about ``what is
present in Owl'', but primarily about ``what is *NOT* in Owl''.  There are
no monsters like HAL, udevd, and so on... you've got the idea.  My greatest
disappoinment during the project was allowing dynamic kernel modules to be
in Owl.  However, my strong preference towards Owl is based on that it
still uses LILO (not damn Grub or whatever), SystemV initd, old good
versions of gcc that still don't know the catastrophic ``standards'' C11
and C++11/14, etc.

So, to my mind, it is absolytely (by definition) impossible to add
something to ``a modern, mainstream'' distro to have the features of Owl
there.  It rather takes to REMOVE something from such a distro do make it
match my needs like Owl, and, honestly speaking, nearly everything must be
removed.


> I think it was primarily in trying out and demonstrating to others some
> approaches, some of which have now been adopted by other systems (and
> some changes went upstream).

Let me repeat the thing Gremlin already said in a parallel thread: it is
impossible to demonstrate anything to anyone having a demo rather than a
thing used in production.  Various ``proves of concepts'' really prove
nothing to most of people.

> Finally, as to the future of Owl itself, we need to know why we'd be
> continuing to put effort into Owl.  Do we have more new approaches to
> demo to others in this way, or would we be playing catch-up?  I think it
> might be mostly the latter.

Hmm, you've got at least two users who don't see a distro around to move
from Owl: me and Gremlin.  I'm sure there are others, as well.  Owl is good
as such, may be because it is unique, not because it is hardened (despite
being hardened is definitely a good thing) and definitely not because it
demonstrates anyone anything.

> I think Owl is, and will be (until EOL'ed), one of Openwall's several
> projects (not "the main project").  There are other things I'd like to
> work on (as well or instead).  So if Owl is primarily for its actual use
> while it's maintained, rather than for indirect positive impact on other
> projects, this means that personally I will want to limit my time spent
> on Owl and to spend more of my time on our other projects instead
> (including some future ones).  I've been doing just that lately.

Well, in case you abandon the project, perhaps it will die, and actually
there's no way (at least for me) to prevent this from happening.  What I'd
like to understand then is may be what YOU suggest to use for server/router
use?  Can you suggest Alpine not just as a toy to put the effort into, but
as a platform to use?  Errr, may be this is not a good question to ask,
but do you use it for your own servers?



--
Croco

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ