Linked by Thom Holwerda on Mon 20th Jul 2009 19:16 UTC
Sun Solaris, OpenSolaris The Linux desktop has come a long way. It's a fully usable, stable, and secure operating system that can be used quite easily by the masses. Not too long ago, Sun figured they could do the same by starting Project Indiana, which is supposed to deliver a complete distribution of OpenSolaris in a manner similar to GNU/Linux. After using the latest version for a while, I'm wondering: why?
Thread beginning with comment 374470
To read all comments associated with this story, please click here.
No free security fixes for releases
by gjoahnn on Tue 21st Jul 2009 17:19 UTC
gjoahnn
Member since:
2009-06-02

One major issue I have brought up before but which seems to get little attention is that you need a support contract to obtain security fixes and other updates for OpenSolaris releases.
Otherwise you only have the option to either use the development version with all its instabilities, beta versions etc. or the stable but insecure and essentially unmaintained release version (note that you also currently cannot upgrade single packages from the /dev repository when running /release).

The cheapest support contract for OpenSolaris giving you access to the support repository is $324/yr. (it includes 48h e-mail response support which is something developers/home users/enthusiasts most likely won't need).
So I would say that is a pretty major difference from popular Linux distributions such as Debian stable, Ubuntu, Fedora, OpenSUSE etc. which give you free access to securtity and stability fixes of their releases.

Reply Score: 2

dvzt Member since:
2008-10-23
gjoahnn Member since:
2009-06-02

Well it is true. Fact is that 2008.11 contains numerous critical security vulnerabilities e.g. in OpenSSL, ipfilter, or Firefox, all of which have been fixed in the /support and /dev branch only.
The 2009.06 release e.g. contains a Firefox 3.1beta with critical vulnerabilities, a fix is available from /support or /dev only.
For more examples of unfixed security vulnerabilities in both the 2008.11 and 2009.06 release branches check http://blogs.sun.com/security/category/alerts .
Also note their change in policy on their website which I have previously mentioned in http://www.osnews.com/thread?366658 .

Reply Parent Score: 2