Fosdem Argon7
2005 Edition Free and Open Source Software Developer's European Meeting


2005-02-22 - Alan Cox

Linux kernel

An interview conducted by FOSDEM & the LinuxFR readers
FOSDEM - What is your feedback about your sabbatical year ?

Alan Cox - I enjoyed the MBA a great deal. I've learned a lot of useful stuff that helps when tying computing into the real world. I'm still working on the thesis and need to go interview more folks using Linux on the desktop in business and/or planning to do so yet.

FOSDEM - Some security websites published unpatched security issues affecting the stable kernels. There is no highly critical remote hole right now, but how can we improve the way the security fixes are made?

Alan Cox - The obvious improvement is more tools so that they don't happen in the first place. I'm personally of the opinion that responsible security disclosure involves telling the developers first, and perhaps giving them 14 days to respond and resolve the problem. If you don't force a time then large vendors tend to take forever, if you release immediately then many people can be harmed before a fix exists.

FOSDEM - Should we, for example, name a security maintainer who would handle all the security advisories and bugfixes for stable kernels ?

Alan Cox - Definitely. We sort of have that for the vendor kernels but not officially for the base kernel. For 2.4 Marcelo is part of vendor-sec so he's both 2.4 maintainer and security guy. 2.6 is less clear.

It also has to be more than one person. It's no good if a serious hole occurs and the named security person is flying to Australia that day, or ill or whatever.

FOSDEM - You are working for a well-known Linux distribution. Does your employer impose you any sort of contraint or does he allow you some freedom?

Alan Cox - Red Hat primarily pays me to work on the kernel. I'm mostly trusted to use my own judgement on what that means, and guided by the hot issues customers see. There are things I get through Red Hat, such as vendor pre-production systems and documents that are restricted but nobody in Red Hat demands I run Red Hat products for example. Except for the little boxes (running Debian) I do run Red Hat Fedora but that's by choice.

FOSDEM - Linux is now developed by professionals, who are paid by companies having sales targets. Is this kind of development less fun? What is in your opinion the consequence of the fact linux is now more and more developed by professionals?

Alan Cox - Less fun for some, more for others. It's harder to do research type 'blue sky' projects with Linux in some ways but there are people who love total reliability, verification and quality and those kind of skills are becoming more and more demanded in the Linux world. Big Linux servers have to stay up and companies demand more and more stability and quality as a result.

The kernel itself definitely has changed, its much more "finished" now. There is no real feeling that there are big pieces of catching up to do. The desktop is perhaps today more like the kernel was a few years ago.

FOSDEM - Can GNU/Linux or *BSD take any advantage of the access to the source code of OpenSolaris?

Alan Cox - The licensing really prevents code sharing. We have multiply licensed code that we share with BSD so in theory third parties can usefully contribute code to all the systems. It may also be useful for driver/hardware information if there is actually anything Solaris drives that Linux does not.

FOSDEM - From your valuable insight and broad overview of the whole Linux kernel, what should be the 5 items which have to be addressed by the upcoming kernel releases (apart from hardware support which obviously cannot be addressed by the solely kernel team) ?

Alan Cox -
  • Better performance on small machines
  • Virtualisation (Xen etc)
  • More security features
  • Resolving the X and kernel video muddle properly
  • World domination

    FOSDEM - There has been a great improvement between the 2.4 and 2.6 kernel versions. A lot of developers have been hacking since the first release of the 2.6 kernel, but nothing has been carried out on a 2.7 version. What are your comments on this?

    Alan Cox - I'm still watching this experiment with interest - it reflects the changes in the kernel from development to mostly finished. No conclusions as yet beyond the need for 2.6.x.y subreleases of fixes for each 2.6.x

    FOSDEM - What do you expect from your FOSDEM talk?

    Alan Cox - A lot of hard questions. FOSDEM seems to have a reputation for being a real developer conference so it should be a lot of fun. I hope the beer is good.


  • © FOSDEM 2003-2005 - powered by Argon7