Date: Tue, 21 May 2013 11:30:22 +0200
From: Natanael Copa
To: Richard Johnson
Cc: xen-users@lists.xen.org, alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] Stable and Secure Distribution Supporting Xen
Message-ID: <20130521113022.6ade937f@ncopa-desktop.alpinelinux.org>
In-Reply-To: <519B085F.60707@qq.com>

On Tue, 21 May 2013 10:08:39 +0430
Richard Johnson wrote:

> I'm choosing between Unix-based operating systems that support Xen. My criteria are the following:
>
> - Compatibility: I want to use this OS on a various set of commonly used hardware. I have restricted the CPU instruction set scope to x86_64, but there are a vast range of graphics cards out there.

You will only be able to run open source drivers with Alpine Linux. Anything in mainline linux kernel should work though.

> - Stability: The packages and kernel used must be stable versions. Many main distributions such as Debian and RedHat follow this strategy.

We just released alpine v2.6. It uses kernel 3.9.y + grsecurity patches. Upstream claims it's "stable". I think Debian and RedHat think otherwise.

You will have to find the balance between new features (incl new hardware) and stability.

> - Xen Stability: Stable Xen support is necessary

Alpine v2.6 comes with Xen 4.2.1.

> - Security
>
> With these criteria in mind I have reached to the following distributions: NetBSD, Alpine Linux, FreeBSD, Debian and CentOS. I am currently using Alpine Linux which claims that it is designed with security in mind, however my recent experience with it showed many bugs.

Alpine Linux's security strategy is to use Grsecurity patches and a hardened gcc toolchain (similar to gentoo hardened). The idea is to make it hard to exploit (unknown) security bugs, even in kernel.

Since we are a relatively small distro and are fairly early to adopt new "stable" upstream releases and try to stay closer to upstream, we might hit the bugs earlier than others. The number of new bugs seems to increase with every kernel release :-/

It would be nice if you could report the bugs you have found so we have a chance to fix them.

https://bugs.alpinelinux.org

Thanks!

-nc