Why Would Fedora be Free ? Can it be Trusted?
Benjamin J. Weiss
benjamin at weiss.name
Wed May 12 12:57:48 UTC 2004
From: "Chalonec Roger" <Chalonec.Roger at pbgc.gov>
I'm not the expert, so the replies below are merely my opinion...
> I am looking at using Fedora at my work and some people are asking the
> following questions or have the following concerns that I did not know
> how to answer:
> 1. Why is fedora free and why would people work on it for free?
There are multiple answers to this one. Linux Torvalds wanted to create a
version of Unix that would run on a PC, that everybody could use for free
(as in no cost). Because he was an altruist he believed that it should be
Free Open Source Software, which means that anybody in the world could look
at the code and modify it for their own purposes, provided that they then
offered their work back to the community. Why? I believe that it's because
there are just some people who enjoy helping and sharing more than making a
lot of money. That's one reason why I used to volunteer for the Red Cross
and am now in the National Guard. Not everybody's motivated by money.
>2. Some people are concerned that since Fedora is open source that they
> don't know where the software comes from so they can't trust it. How
> can they trust it?
I've seen this argument recently, and while it sounds good, I can't find any
serious logic behind it. If this were the case, then Microsoft's Windows
would be safe. We all know that is not the case based on the myriad
exploits/worms/virii/etc. that currently plague the windows world.
Also remember that Fedora is only a *distribution* of linux. The linux
kernel is overseen by Linux Torvalds and his kernel team (I wish *I* was
that smart!), and I'm pretty sure that he watches that code about as closely
as a mother cat shepherding her kittens through a dog show. :) All of the
other software are packages maintained by their respective teams. However,
each software package is also monitored by distro teams who backport
security fixes, etc. So while it's possible that somebody might be able to
slip in a piece of malicious code, it would almost have to be a majority of
the team members of a certain package, and it would most likely be quickly
picked up by a patch team somewhere.
> 3. How are updates to Fedora vetted and accepted?
Sorry, I don't know this one.
> 4. Does Redhat have any involvement with Fedora?
Yes, they provide a great deal of resources to the project. Their web site
claims that Fedora is a sort of "test bed" for technologies before they make
their way into RHEL, though they're giving control of the project back to
> 5. Does Redhat use the same processes in "controlling" fedora quality and
releases as it did
> the free versions of Redhat?
I don't know this one either.
> 6. Ostensibly Redhat offered free versions of Redhat Linux because they
could make a profit on support. Now Redhat
> has built a market and Redhat is no longer free. What is the profit
> motivation of the Fedora group and persons/orgs who make software
> contributions to it? (By the way, there is nothing wrong with profit.)
Well, the profit motive for RedHat sponsoring the project is that they get a
test bed and an enthusiastic test community for software that will make it
into RHEL. For the rest of the Fedora community, there simply *isn't* a
profit motive. I don't think that profit is evil or anything, though some
people can be so motivated by greed that they lose all sense of morality
(*cough* Bill *cough* Gates *cough*). But take a look at this list. None
of the folks here are paid to help others, they just do it because they love
Fedora and linux and want to help others join the club.
One final word about security. I've heard a lot of folks trying to claim
that linux isn't secure. However, if that's the case, ask them about how
many linux worms and virii have plagued the internet as opposed to ones that
run on Windows. Then when they make the claim that this is because windows
is in much more use than linux, ask them how many worms have swarmed across
the net that used Apache (which runs about 70% of the web) as opposed to
Microsoft's IIS. We call this "empirical evidence", and linux wins
More information about the fedora-list