LONDON – When I met with open source partner Dustin Kirkland, vice president of engineering at Chainguard, at KubeCon Europe, he said I was to thank for the company’s new Linux distribution: Chainguard OS.
Why? In a May 2024 story about kernel security, I said that all distributions get Linux security wrong. (That was the conclusion of CIQ research, Linux stable kernel maintainer Greg Kroah-Hartman, and top Linux developer Kees Cook.)
“The light bulb went off,” Kirkland told me.
Previously, the Kirkland, Washington-based secure container company had released Wolfi, an “undistro” that contains all the software needed for containers but not Linux itself. More recently, Chainguard had been considering building its own secure enterprise Linux. According to Kirkland, however, that would require a lot of work and dozens of Linux kernel developers. Using the approach I explained in the story, they were able to build a more secure distribution for much less work and money.
How? As Kroah-Hartman explained, you should always use the latest long-term stable (LTS) kernel. The keyword here is “latest”. Using an LTS kernel is not enough. You should use the latest release to be as safe as possible. Cook added, “If it’s painful, the answer is simple: Continuously update to the latest kernel releases, either major or stable.”
Kroah-Hartman often says, “any bug can become a security issue at the kernel level.” A Linux kernel developer and editor-in-chief of LWN added:
That’s why, now that Linux is responsible for issuing all its own CVEs, the latest version of the LTS kernel gets fixes for all known bugs as soon as they become available. So, by tracking the LTS kernel tree and immediately publishing a rolling Linux release, Chainguard can ensure that Chainguard OS is as safe as humanly possible.
Additionally, Chainguard OS uses Chainguard’s automated build system, Chainguard Factory, to eliminate unnecessary software bloat and reduce the potential attack surface. This design reduces the operating system’s dependencies and, with them, the chances of security holes.
The OS is also designed for zero-trust, immutable infrastructure. This approach enhances security and minimizes the risk of supply chain attacks by ensuring that all components are validated and trusted. So when new patches come out, you don’t patch the operating system at all. Instead, you replace it lock, stock, and barrel with a new, completely safe model.
Chainguard OS is continuously validated to ensure that it is free of vulnerabilities. This continuous verification process helps maintain a secure software development and deployment environment. For example, if a new security hole is found in Python rather than Linux, the entire operating system, Python, and the other software programs are pulled and replaced as a single package.
Chainguard OS is part of Chainguard’s broader strategy to protect the software supply chain. The company has already made great strides with container images and libraries designed to eliminate vulnerabilities and provide a secure foundation for developers. By extending this approach to the operating system level, Chainguard helps developers to focus on building secure software without patching legacy vulnerabilities.
Why isn’t everyone doing this? If your company relies on a specific version of Linux, as many companies do, you don’t want the operating system fundamentals to change all the time. Therefore, long-term Linux distributions such as CentOS still have users. They rely on TuxCare Endless Life Cycle, OpenLogic CentOS End of Life Support, or SUSE Multi-Linux Support, previously Liberty Linux, for support.
However, if security is a top priority for your company’s Linux workloads, I recommend using Chainguard images, which are built on top of Chainguard OS. Chainguard OS is not available as a standalone distribution. That’s not Chainguard’s market.
But if you ask them nicely, maybe they’ll consider it. In the meantime, if you’re running most of your work in the cloud, check out their container images, language libraries, and virtual machines (VMs). You’ll be glad you did.