Language Selection

English French German Italian Portuguese Spanish

Red Hat

Server Side Public License (SSPL), Red Hat and Fedora

Filed under
Red Hat
OSS
Legal
  • Red Hat/Fedora decide MongoDB’s SSLP doesn’t fit

    MongoDB’s January blues deepened this week as the team behind the Red Hat-backed Fedora Linux distribution confirmed it had added the open source database’s Server Side Public License to its “bad”list.

    The move came as it emerged Red Hat – Fedora’s sponsor – had nixed MongoDB support in RHEL 8.0.

  • AWS Raised Its Hand Lest Of Open Source Platform

    Even though AWS stands by MongoDB as the best the customers find it difficult to build and vastly accessible applications on the open-source platform can range from multiple terabytes to hundreds of thousands of reads and writes per second. Thus, the company built its own document database with an Apache 2.0 open source MongoDB 3.6 API compatibility. The open-sources politics are quite difficult to grasp. AWS has been blamed for taking the top open-source projects and re-branding plus re-using it without providing the communities. The catch here is that MongoDB was the company behind putting a halt to the re-licensing of the open-source tools under a novel license that clearly stated the companies willing to do this will have to purchase a commercial license.

  • Red Hat gets heebie-jeebies over MongoDB's T&Cs squeeze: NoSQL database dropped from RHEL 8B over license

    MongoDB justified its decision last October to shift the free version of its NoSQL database software, MongoDB Community Server, from the open-source GNU Affero General Public License to the not-quite-so-open Server Side Public License (SSPL) by arguing that cloud providers sell open-source software as a service without giving back.

    The following month, and not widely noticed until this week, Red Hat said it would no longer include MongoDB in version 8 of Red Hat Enterprise Linux. The removal notice came in the release notes for Red Hat Enterprise Linux Beta 8.0.

    Under section 4.7, the release notes say, "Note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL)."

  • Server Side Public License struggles to gain open-source support

    MongoDB first announced the release of the new software license in October as a way to protect itself and other open-source projects like it from being taken advantage of by larger companies for monetary gain.

    At the time, MongoDB co-founder and CTO Eliot Horowitz explained: “This should be a time of incredible opportunity for open source. The revenue generated by a service can be a great source of funding for open-source projects, far greater than what has historically been available. The reality, however, is that once an open-source project becomes interesting, it is too easy for large cloud vendors to capture most of the value while contributing little or nothing back to the community.”

    Other open-source businesses have developed their own licenses or adopted others in recent months, citing the same issues. However, the problem with these new licenses is that if they are not approved by the Open Source Initiative (OSI), an organization created to promote and protect the open-source ecosystem, the software behind the license is technically not considered open source, and it will have a hard time getting acceptance from members in the community.

  • Open source has a problem with monetization, not AWS
  • Why you should take notice of the open source in enterprise suckers conundrum

    In the MongoDB case, AWS is widely regarded as responding to a licensing change MongoDB made in October 2018 that has caused something of a stir among the open source cognoscenti.

  • Fedora Community Blog: FPgM report: 2019-03

    Here’s your report of what has happened in Fedora Program Management this week.

    I’ve set up weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

Red Hat Advances Container Technology With Podman 1.0

Filed under
Red Hat
Server

Red Hat announced the 1.0 release of its open-source Podman project on Jan. 17, which provides a fully featured container engine.

In Podman 1.0, Red Hat has integrated multiple core security capabilities in an effort to help enable organizations run containers securely. Among the security features are rootless containers and enhanced user namespace support for better container isolation. Containers provide a way for organizations to run applications in a virtualized approach on top of an existing operating system. With the 1.0 release, Red Hat is now also positioning Podman as an alternative to the Docker Engine technology for application container deployment.

"We felt the sum total of its features, as well as the project's performance, security and stability, made it reasonable to move to 1.0," Scott McCarty, product manager, Containers, Red Hat, told eWEEK. "Since Podman is set to be the default container engine for the single-node use case in Red Hat Enterprise Linux 8, we wanted to make some pledges about its supportability."

Read more

Also: Update on Volume Snapshot Alpha for Kubernetes

How Do You Fedora: Journey into 2019

Filed under
Red Hat

Jose plans on continuing to push open source initiatives such as cloud and container infrastructures. He will also continue teaching advanced Unix systems administration. “I am now helping a new generation of Red Hat Certified Professionals seek their place in the world of open source. It is indeed a joy when a student mentions they have obtained their certification because of what they were exposed to in my class.” He also plans on spending some more time with his art again.

Carlos would like to write for Fedora Magazine and help bring the magazine to the Latin American community. “I would like to contribute to Fedora Magazine. If possible I would like to help with the magazine in Spanish.”

Akinsola wants to hold a Fedora a release part in 2019. “I want make many people aware of Fedora, make them aware they can be part of the release and it is easy to do.” He would also like to ensure that new Fedora users have an easy time of adapting to their new OS.

Kevin is planning is excited about 2019 being a time of great change for Fedora. “In 2019 I am looking forward to seeing what and how we retool things to allow for lifecycle changes and more self service deliverables. I think it’s going to be a ton of work, but I am hopeful we will come out of it with a much better structure to carry us forward to the next period of Fedora success.” Kevin also had some words of appreciation for everyone in the Fedora community. “I’d like to thank everyone in the Fedora community for all their hard work on Fedora, it wouldn’t exist without the vibrant community we have.”

Read more

Server Side Public License (SSPL) Fallout

Filed under
Red Hat
Server
OSS
  • Red Hat drops MongoDB over concerns related to its Server Side Public License (SSPL)

    It was last year in October when MongoDB announced that it’s switching to Server Side Public License (SSPL). Now, the news of Red Hat removing MongoDB from its Red Hat Enterprise Linux and Fedora over its SSPL license has been gaining attention.

  • The Need for Sustainable Open Source Projects

    The point of the article is a lot of companies that support open source projects, like RedisDB, are moving to more closed source solutions to survive. The cloud providers are called out as a source of a lot of problems in this article, as they consume a lot of open source software, but do not really spend a lot of time or effort in supporting it. Open source, in this situation, becomes a sort of tragedy of the commons, where everyone thinks someone else is going to do the hard work of making a piece of software viable, so no-one does any of the work. Things are made worse because the open source version of the software is often "good enough" to solve 80% of the problems users need solved, so there is little incentive to purchase anything from the companies that do the bulk of the work in the community.

  • MongoDB’s licensing changes led Red Hat to drop the database from the latest version of its server OS

    After MongoDB decided last year that it was changing the license for its open-source database to a more restrictive version, Red Hat decided it would no longer include MongoDB in the latest version of its flagship Red Hat Enterprise Linux operating system.

    The change apparently went unnoticed until a Hacker News thread took off earlier today, but it was included in the release notes for RHEL 8.0, which was released in beta last November. In those notes, Red Hat states “note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL).”

Fedora Still Needs Help Testing The New Zchunk Metadata Support

Filed under
Red Hat

Fedora has been working on transitioning to Zchunk for its DNF metadata due to its good compression ratio while being delta-friendly and leveraging the existing work of Zstandard and Zsync/casync. The metadata has been offered in Zchunk for some weeks while more client testing is needed before landing that support in Rawhide and in turn for Fedora 30.

The goal of this Zchunk metadata for Fedora is to speed-up DNF operations by needing to download less metadata. While the server bits are in place, additional client testing is desired before landing the updated packages in Fedora Rawhide where it will affect all users on this development build of Fedora ahead of the Fedora 30 release due out in the spring.

Read more

Also: NOTICE: Epylog has been retired for Fedora Rawhide/30

Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection

Filed under
Linux
Red Hat

The Linux 4.19 kernel brought the ability to disallow the opening of FIFOs and regular files not owned by the user in world-writable sticky directories in the name of security. Had this ability been around previously it could have prevented a number of CVEs going back a long time. In helping ensure this functionality gets utilized, Systemd 241 will now set these sysctl options to enable the behavior by default.

The restricted O_CREAT of FIFOs and regular files is not enforced by the kernel by default as it could be considered a breaking change but with systemd 241+ it sets the fs.protected_regular and fs.protected_fifos sysctls to enabled for having said functionality, similar to systemd's enforcing of hardlink/symlink protection. This protection is for avoiding unintentional writes to an attacker-controlled FIFO or regular file. That Linux 4.19 kernel commit notes at least a handful of security vulnerabilities that could have been prevented by this functionality with those CVEs going back to at least the year 2000.

Read more

Testing openSUSE, Manjaro, Debian, Fedora, and Mint Linux distributions on my new laptop

Filed under
Linux
Red Hat
Debian
SUSE

Due to the recent unfortunate demise of a couple of my computers I found myself in need of a new laptop on rather short notice. I found an Acer Aspire 5 on sale at about half price here in Switzerland, so I picked one up. I have been installing a number of Linux distributions on it, with mostly positive results.

Read more

Fedora Decides To Not Allow SSPLv1 Licensed Software Into Its Repositories

Filed under
Red Hat
Server
OSS
Legal

Back in October, MongoDB announced the Server Side Public License v1 (SSPLv1) as their new license moving forward for this document-oriented database server over their existing AGPL code. SSPL was met with much controversy upon its unveiling and Fedora's legal team has now ruled it an invalid free software license for packaged software in its repositories.

The intent of MongoDB developing the Server Side Public License was to ensure that public cloud vendors and other companies using their software as a service are giving back to the community / the upstream project. SSPL v1 was based on the GPLv3 but lays clear that a company publicly offering the SSPL-licensed software as a service must in turn open-source their software that it uses to offer said service. That stipulation applies only to organizations making use of MongoDB for public software services.

Read more

Deepin Desktop Option Approved For Fedora 30

Filed under
Red Hat

Last month we mentioned that Fedora 30 was possibly picking up a Deepin Desktop Environment option for this Qt5-based desktop developed by the Deepin Linux distribution.

Assuming the packaging work remains in good shape, the Deepin desktop option will be found in the May release of Fedora 30. The Fedora Engineering and Steering Committee (FESCo) has formally approved of Deepin being offered by Fedora 30.

Read more

Fedora: Releases, PHP and Fedora Test Day

Filed under
Red Hat
Syndicate content

More in Tux Machines

Today in Techrights

Security: Bo Weaver, New Scares, Clones With Malware

  • Bo Weaver on Cloud security, skills gap, and software development in 2019
    Bo Weaver, a Kali Linux expert shares his thoughts on the security landscape in the cloud. He also talks about the skills gap in the current industry and why hiring is a tedious process. He explains the pitfalls in software development and where the tech is heading currently. Bo, along with another Kali Linux expert Wolf Halton were also interviewed on why Kali Linux is the premier platform for testing and maintaining Windows security. They talked about advantages and disadvantages for using Kali Linux for pentesting. We also asked them about what they think about pentesting in cybersecurity, in general. They have also talked about their stance about the role of pentesting in cybersecurity in their interview titled, “Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity” [...] I laugh and cry at this term. I have a sticker on my laptop that says “There is no Cloud…. Only other people’s computers.” Your data is sitting on someone else’s system along with other people’s data. These other people also have access to this system. Sure security controls are in place but the security of “physical access” has been bypassed. You’re “in the box”. One layer of security is now gone. Also, your vendor has “FULL ACCESS” to your data in some cases. How can you be sure what is going on with your data when it is in an unknown box in an unknown data center? The first rule of security is “Trust No One”. Do you really trust Microsoft, Amazon, or Google? I sure don’t!!! Having your data physically out of your company’s control is not a good idea. Yes, it is cheaper but what are your company and its digital property worth? [...] In software development, I see a dumbing down of user interfaces. This may be good for my 6-year-old grandson, but someone like me may want more access to the system. I see developers change things just for the reason of “change”. Take Microsoft’s Ribbon in Office. Even after all these years, I find the ribbon confusing and hard to use. At least, with Libre Office, they give you a choice between a ribbon and an old school menu bar. The changes in Gnome 3 from Gnome 2. This dumbing down and attempting to make a desktop usable for a tablet and a mouse totally destroyed the usability of their desktop. What used to take 1 click now takes 4 clicks to do.
  • Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity [Interview]
  • Cloud security products uninstalled by mutating malware [Ed: Affects already-compromised servers]
    Linux is more prevalent than one might think, Microsoft Azure is now predominantly run on Linux servers - it's not just the Chinese cloud environments being hosted via Linux, it's likely that your business is running at least one cloud service on a Linux server too.
  • Google Play still has a clone problem in 2019 with no end in sight
    A fake app tries to clone another app in name, looks, and functionality, often also adding something like malware. Despite Google’s best efforts, both types of apps were fairly common in 2018.

Programming: GNU Binutils, Qt, Python, GStreamer, C++ and GTK+

  • GNU Binutils 2.32 Branched Ahead Of Release With New Features
    A new release of the GNU Binutils programming tools will soon be available. The upcoming Binutils 2.32 release is primarily made up of new CPU ports.  GNU Binutils 2.32 is bringing a MIPS port to the Loongson 2K1000 processor and the Loongson 3A1000/3A2000/3A3000 processors, all of which are based on the MIPS64r2 ISA but with different instruction set extensions. These new GPUs are exposed via -march=gs264e, -march=gs464, and -march=gs464e flags. With Binutils 2.32, the utilities like objdump and c++filt now have a maximum amount of recursion that is allowed while demangling strings with the current default being 2048. There is also a --no-recurse-limit for bypassing that limit. Objdump meanwhile allows --disassemble to specify a starting symbol for disassembly.
  • Building Qt apps with Travis CI and Docker
    I recently configured Travis CI to build Nanonote, my minimalist note-taking application. We use Jenkins a lot at work, and despite the fact that I dislike the tool itself, it has proven invaluable in helping us catch errors early. So I strongly believe in the values of Continuous Integration. When it comes to CI setup, I believe it is important to keep your distances with the tool you are using by keeping as much setup as possible in tool-agnostic scripts, versioned in your repository, and making the CI server use these scripts.
  • PyPI Security and Accessibility Q1 2019 Request for Proposals Update
    Earlier this year we launched a Request for Information (RFI) followed by the launch of a Request for Proposals (RFP) in November to fulfill a contract for the Open Technology Fund (OTF) Core Infrastructure Fund.  The initial deadline for our RFP was December 14th. We had hoped to begin work with the selected proposers in January 2019, but ultimately fell short of the ability to do so.
  • GStreamer 1.15.1 Released With Work On AV1, V4L HEVC Encode/Decode
    GStreamer 1.15.1 was announced on Friday as the first development release in the trek towards GStreamer 1.16 for this powerful open-source multimedia framework.
  • GStreamer 1.15.1 development release
    The GStreamer team is pleased to announce the first development release in the unstable 1.15 release series. The unstable 1.15 release series adds new features on top of the current stable 1.14 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework. The unstable 1.15 release series is for testing and development purposes in the lead-up to the stable 1.16 series which is scheduled for release in a few weeks time. Any newly-added API can still change until that point, although it is rare for that to happen.
  • Is C++ fast?
    A library that I work on often these days, meshoptimizer, has changed over time to use fewer and fewer C++ library features, up until the current state where the code closely resembles C even though it uses some C++ features. There have been many reasons behind the changes - dropping C++11 requirement allowed me to make sure anybody can compile the library on any platform, removing std::vector substantially improved performance of unoptimized builds, removing algorithm includes sped up compilation. However, I’ve never quite taken the leap all the way to C with this codebase. Today we’ll explore the gamut of possible C++ implementations for one specific algorithm, mesh simplifier, henceforth known as simplifier.cpp, and see if going all the way to C is worthwhile.
  • Python Counters @PyDiff
  • Report: (clxi) stackoverflow python report
  • Regular Expressions in Python
  • Starting on a new map rendering library
    Currently in Maps, we use the libchamplain library to display the bitmap map titles (based on OpenStreetMap data and aerial photography) that we get from our tile provider, currently MapBox. This library is based on Clutter and used via the GTK+ embed support within libchamplain, which in turn makes use of the Clutter GTK embed support. Since this will not be supported when moving along to GTK+ 4.x and the Clutter library is not maintained anymore (besides the copy of it that is included in the GNOME Shell window manager/Wayland compositor, Mutter) eventually Maps will have to find a replacement. There's also some wonky bugs especially with regards to the mixing of event handling on the Clutter side vs. the GTK+ side. So to at least get the ball rolling a bit, I recently decided to see how hard it would be to take the code from libchamplain and keep the grotty deep-down internals dealing with tile downloading and caching and such and refocus the top-level parts onto new GTK+ 4 technologies such as the Snapshot, GSK (scene graph), and render node APIs.

today's howtos