RENO, Nev. (PRWEB) February 02, 2023
Doubling down on its commitment to full open source reproducibility of the most current Rocky Linux bug fixes, security patches and feature enhancements, CIQ engineers have released the Rocky Linux 9 errata subsystem as an open source project and fully integrated it with the open source build system Peridot. The Rocky Linux 9 errata is now available through the Rocky Enterprise Software Foundation (RESF), which will continue to maintain the project. For the first time, an enterprise Linux distribution can be built and enhanced by the open source community thanks to the Peridot build system, now with full access to the latest errata and supporting infrastructure, contributing to software supply chain security for the enterprise.
“Peridot is revolutionizing the way we manage Rocky Linux packages and update information with its cloud-native repository manager, yumrepofs, and its new CVE (Common Vulnerabilities and Exposures) indexer and errata mirroring tool,” said Mustafa Gezen, senior software engineer at CIQ and creator of Peridot. “This powerful build system eliminates the need for NFS (Network File System) and relies solely on object storage, allowing for a more efficient and reliable way to maintain and publish repository state. With the ability to track errata from multiple sources, including Rocky Linux's upstream, and follow the lifecycle of CVEs until they are fixed, Peridot is a game-changer for managing software updates.”
The use of errata is a critical aspect of managing supply chain security, as it provides the reporting necessary for transparency into the latest bug fixes, CVEs, functionality enhancements and more, all in real time. By making this information fully available alongside Rocky Linux repositories, the RESF is helping users perform more granular maintenance on their systems. Rocky Linux now includes this information in full in its currently supported repositories, and is also making historical data available through its Web UI. The RESF will also be providing full API access to this data.
“What I've been hearing over and over from CISOs is that they need absolute transparency and reporting of security within their supply chain,” said Gregory Kurtzer, founder and CEO of CIQ and founder of Rocky Linux. “Understanding how security advisories affect the software infrastructure is absolutely critical, and we believe that capability should be freely available. For this reason—and in alignment with our commitment to open source—we've released not only the front end but also the backend indexers so others can leverage and collaborate to further our shared need for software supply chain management and security.”
About Rocky Linux
Rocky Linux is an open source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux®. It was created by one of the original CentOS founders, Gregory Kurtzer, to achieve the original goals of CentOS as a production-ready downstream version of Red Hat Enterprise Linux. It is hosted by the Rocky Enterprise Software Foundation (RESF). Rocky Linux uses only open source tools to deliver a completely reproducible operating system ensuring there is no repeat of the CentOS end-of-life issues.
The Rocky Enterprise Software Foundation (RESF) exists to organize open source communities comprising enterprise, research, academia, individuals and other institutions to collaborate on building and maintaining the open source tools that these organizations need. The vision of the RESF is to create and nurture a community that is committed to ensuring the longevity, stewardship and innovation of enterprise-grade open source software that is always freely available. Organizations interested in becoming a sponsor and learning about the multiple benefits of RESF sponsorship should contact firstname.lastname@example.org. Individuals interested in becoming a member of the RESF must first be active in an RESF project; visit the Rocky Wiki to learn more.
CIQ powers the next generation of software infrastructure, leveraging capabilities from enterprise, cloud, hyperscale and HPC. From the base operating system, through containers, orchestration, provisioning, computing and up to cloud applications, CIQ works with every part of the technology stack to drive solutions for customers and communities with stable, scalable, secure production environments. CIQ is the founding support and services partner of Rocky Linux, and the creator of the next generation federated computing stack. For more information, please visit ciq.co.