Push Fedora base to v23 for next major update?
67 views
Skip to first unread message
lucian....@gmail.com
Oct 4, 2015, 10:59:52 AM10/4/15
to qubes-devel
I know the roadmap says that the next time you update Fedora it will be version 22.
> Fedora 23 includes a number of changes that will improve all of the editions. For example, Fedora 23 makes use of compiler flags to improve security by hardening the binaries against memory corruption vulnerabilities, buffer overflows, and so on. This is a “behind the scenes” change that most users won’t notice through normal use of a Fedora edition, but will help provide additional system security.
Likewise, Fedora 23 has disabled SSL3 and RC4 by default due to known vulnerabilities in the protocols. This means all applications that use GNUTLS and OpenSSL libraries have had the SSL3 protocol and RC4 cipher disabled.
Fedora 23 comes with the latest version of Mono 4. This means a big improvement because we were stuck with an ancient version of Mono (2.10) for too long. All packages within Fedora that are based on Mono have been adjusted and rebuilt, to target the 4.5 version of the .Net framework. Mono 4 does not support solutions targeting v1.0, v2.0 or v3.5 of .Net, but usually they can be easily upgraded to v4.5.
http://fedoramagazine.org/fedora-23-beta-released/
https://fedoraproject.org/wiki/Changes/Harden_All_Packages
However, unless you're already far into working with version 22, it seems that going with v23 might be
a better choice due to all the extra package hardening:
Likewise, Fedora 23 has disabled SSL3 and RC4 by default due to known vulnerabilities in the protocols. This means all applications that use GNUTLS and OpenSSL libraries have had the SSL3 protocol and RC4 cipher disabled.
Fedora 23 comes with the latest version of Mono 4. This means a big improvement because we were stuck with an ancient version of Mono (2.10) for too long. All packages within Fedora that are based on Mono have been adjusted and rebuilt, to target the 4.5 version of the .Net framework. Mono 4 does not support solutions targeting v1.0, v2.0 or v3.5 of .Net, but usually they can be easily upgraded to v4.5.
http://fedoramagazine.org/fedora-23-beta-released/
https://fedoraproject.org/wiki/Changes/Harden_All_Packages
Marek Marczykowski-Górecki
Oct 4, 2015, 11:10:29 AM10/4/15
to lucian....@gmail.com, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Sep 22, 2015 at 07:48:12AM -0700, lucian....@gmail.com wrote:
> I know the roadmap says that the next time you update Fedora it will be
> version 22.
> However, unless you're already far into working with version 22, it seems
> that going with v23 might be
> a better choice due to all the extra package hardening:
The work on Fedora 22 is somehow advanced, but once done, adding support
for 23 should be quite easy.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJWEUFdAAoJENuP0xzK19csTWQH/ityQl+KdAWqDdCKrb0iW6DL
xFXOA6zwc9Yx5R+TROxrrHi/YTHIdbYR446BOesv3U6rdFKrejy2QRAO7vlgSce4
/HYtUpEczHnXj4P+AKU6zRzGiAT/3N9vlhKyX/lXaVaSQsMgFAYJaKMNJ9icQ1TF
ybwAq9obNOM0ujqNTf6qxNbdjsR3NZlvfp/MtxxsNLZljHNvanIaEf3/+dT7HFL/
mcg0BmX1NsQEzArEu4cich321G1TDyGBIsFwZ7iaDDS2BxrGXzy6K/WXNkcWZgrG
1N3RF8lV2hlgVPb9qZcWJQ8SsjZX6/7cd+blXjSFvRUznZ7Za4qPzHrXNP956ZM=
=qNU0
-----END PGP SIGNATURE-----
Hash: SHA256
On Tue, Sep 22, 2015 at 07:48:12AM -0700, lucian....@gmail.com wrote:
> I know the roadmap says that the next time you update Fedora it will be
> version 22.
> However, unless you're already far into working with version 22, it seems
> that going with v23 might be
> a better choice due to all the extra package hardening:
for 23 should be quite easy.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJWEUFdAAoJENuP0xzK19csTWQH/ityQl+KdAWqDdCKrb0iW6DL
xFXOA6zwc9Yx5R+TROxrrHi/YTHIdbYR446BOesv3U6rdFKrejy2QRAO7vlgSce4
/HYtUpEczHnXj4P+AKU6zRzGiAT/3N9vlhKyX/lXaVaSQsMgFAYJaKMNJ9icQ1TF
ybwAq9obNOM0ujqNTf6qxNbdjsR3NZlvfp/MtxxsNLZljHNvanIaEf3/+dT7HFL/
mcg0BmX1NsQEzArEu4cich321G1TDyGBIsFwZ7iaDDS2BxrGXzy6K/WXNkcWZgrG
1N3RF8lV2hlgVPb9qZcWJQ8SsjZX6/7cd+blXjSFvRUznZ7Za4qPzHrXNP956ZM=
=qNU0
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages