Credits: The Register
Microsoft’s transformation into a fully paid-up member of the Linux love-train continued this week as the Windows giant sought to join the exclusive club that is the official linux-distros mailing list.
The purpose of the
linux-distros list is used by Linux distributions to privately report, coordinate, and discuss security issues yet to reach the general public;
oss-security is there for stuff that is already out in the open or cannot wait for things to bounce around for a few days first.
Sasha Levin, who describes himself as a “Linux kernel hacker” at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code. These discussions are crucial for getting an early heads up, and coordinating the handling and deployment of fixes before they are made public.
To demonstrate that Microsoft qualifies for membership alongside the likes of Ubuntu, Debian, and SUSE, he cited Microsoft’s Azure Sphere and the Windows Subsystem For Linux (WSL) 2 as examples of distro-like builds.
Azure Sphere is Microsoft’s take on edge computing, with its own flavor of Linux running on Arm-based hardware. It has, however, resolutely remained in preview. WSL 2, also in preview, is based on a tweaked version of the Linux 4.19 kernel and took a bow for Windows Insiders earlier in June. Levin reckons it will be generally available in 2020 (so its official release won’t coincide with the increasingly mythical 19H2 build of Windows 10.)
Levin went on to highlight that Microsoft has plenty of users not employed by the Windows giant, its Linux builds aren’t based on someone else’s distribution and, of course, it contributes to the community.
Levin has indeed been an active member of the community. A glance at the changelog for the 5.0.15 Linux kernel is peppered with his sign-offs, often along with Greg Kroah-Hartman, a fellow at the Linux Foundation. It was therefore not surprising to see Kroah-Hartman vouch for Levin. Kroah-Hartman pointed out that Levin has full write permissions to the stable kernel trees, and applauded Microsoft’s application to sign up.
Microsoft would join such Linux luminaries as Google’s Chrome OS team and Red Hat on the list. Penguinistas concerned that the number-two cloud flinger’s appearance is a sign of the creeping corporatisation of the Linux world’s once carefree free-for-all would be well advised to note that another kindly, caring software giant, Oracle, also has representatives on the list. And don’t forget: most Linux kernel development is done by engineers working at organizations like IBM-gobbled Red Hat, Intel, and the Linux Foundation these days, anyway.
It is indeed a measure of how far Microsoft, famed for jealously guarding its software secrets and once describing Linux as a cancer, has come that it has the distro chops to qualify for lists dedicated to dealing with security issues affecting open source software.
“What were seeing here is that Microsoft wants access to early security alerts on Linux,” said open-source pioneer Bruce Perens, in a phone call with The Register on Thursday. “That’s why specifically they’re asking to be on this list. They’re joining it as a Linux distributor because that’s how it’s structured. Microsoft obviously has a lot of Linux plays, and it’s their responsibility to fix known security bugs as quickly as other Linux distributors.”
Perens said he would expect large cloud providers to do the same if they haven’t already. “I would expect Chrome OS has the same kinds of problems,” he said.
Thanks to Register reader Alan J. Wylie, who forwarded us the thread.