It’s only a proof of concept at the moment and I don’t know if it will see mass adoption but it’s a step in the right direction to ending reliance on US-based Big Tech.
Based on a US distro whose versions are supported for 1 year, and “built to the requirements for the EU public sector” (because the EU public sector has one coherent set of requirements and the dev knows them, even if he doesn’t list them out).
This is most probably good-intentioned and it is admirable how the dev sprung into action, but it’s naive at best.
I thought it was naive as well, but because they based it on a mayfly distro that has really great validation and reliability but it’s gone in a fortnight.
Wither Almalinix or Cloudlinux or PCLinuxOS or Mandriva? Three of them have really solid support structures and at least one of them has amazing compatibility options with libraries for services.
There are options. A few of them could be better than fedora while fedora is still owned by redhat as redhat dies from suffocation – hell, its all just fucking ancillary bull (Ansible) they sell now, as its metastatic cancer (Systemd) eats it alive.
@SpiceDealer Sorry, what ? How can it be made in EU if it’s a Fedora fork/derivative ?
Yeah, not a lot of distros they could’ve based it on, which are less rooted in the EU. 🫠
@Ephera OpenSUSE is first to come to mind, then probably Mageia + OpenMandriva (Mandrake derivatives).
All these EU opensource initiatives looks really good, but I fear that they may just be trying to pump taxpayer money and produce actually nothing usable.OpenSUSE is German
Of all the distros to base it on, why would they choose fedora?
openSUSE is right there lol
@ScotinDub I would say because it helps corporate adhesion, but no, they have no clue it’s just a POC for now eu-os.gitlab.io/goals
As a Swede we claim all of linux to be finno-swedish :)
@lambipapp Legit 😆
I mean Fedora is open source but if they really wanted a european base, they could have gone with opensuse. AFAIK opensuse is the only fully european linux distro plus they use many of the same tech that redhat/fedora does.
Ultimately I think it doesn’t matter too much since even the linux foundation is based in the US and large parts of what makes the linux desktop are maintained by non-EU companies (on top of all the major projects hosted by Github, Gitlab including most of Flathub). If its all open source, I think the risks are pretty low e.g. huawei was able to use Android despite all the restrictions.
@notanapple The more I read the docs, the more I think it doesn’t matter, they are poking around an EU distro. Nothing more, for now it is a proof of concept, not entitled to produce anything production ready
But Fedora is based on an IBM product… so that’s a swing and a miss. SuSE would be a better direction, IMO
Only after IBM purchased Redhat recently
Which was my point, yes.
In my opinion, If sovereignty is the goal i think GTK based DE will be safer than QT based DE.
I am aware of The Free QT foundation And its relation to KDE but in a long term there is possibility of things might get complicated if there is change in policy . And even the QT trademark is not totally free. I’m not trying to start DE war, i love both KDE and GNOME.
The Qt foundation tried to get fucky once already, and KDE and some other major companies that rely on it were about ready to fork it if they persisted. Qt seemed to calm down after that.
Not a great relationship to be in though, constantly suspecting that your toolkit might do a rugpull at some point if the shareholders demand it. But I think they could pull off a fork if they ever did.
I wonder how much work is entailed in transforming Fedora in to a distro that meets some definition of the word “Sovereign” 🤔
Personally I wouldn’t want to make a project like this be dependent on the whims of a US defense contractor like RedHat/IBM, especially after what happened with CentOS.
But it’s a good starting point. Better than inventing everything from the scratch.
I read the sovereign to mean something like an unified platform for EU institutions, that you can dev and train people on.
dependent on the whims of a US defense contractor like RedHat/IBM
A very good point.
Shame that Brexit happened, otherwise they could go with Canonical’s Ubuntu
Why restrict it to EU and not Europe?
Or better still, somehow make it universal and not subject to the whims of one political nutbar.
I’m not sure if this is satire, because if yes, well played, if not, Fuck That.
I didn’t know red hat was working for the US government. Can you tell me in what way?
At the same time, Red Hat released the first version of Red Hat Enterprise Linux, Red Hat Enterprise Linux 2.1. The Army deployed Red Hat’s operating system in its Blue Force Tracker system, which lived in jeeps and tanks on the battlefield. Major General Nicholas Justice, the man responsible for Blue Force Tracker, said later:
“When we rolled into Baghdad, we did it using open source.”1
To this day, the U.S. Army remains one of Red Hat’s largest customers by volume. Red Hat was recently made part of the Army’s Common Operating Environment, which is their enterprise standard.
Thanks I’m gonna have a deeper look into this then😇
I didn’t know red hat was working for the US government. Can you tell me in what way?
tldr: https://www.redhat.com/en/solutions/public-sector/dod
Various documents in (what wikipedia now calls) the “2010s global surveillance disclosures” showed that many components of NSA (and other Five Eyes partners) infrastructure is run on RedHat Enterprise Linux.
According to a 2008 study by the Office of the Director of National Intelligence, private contractors make up 29% of the workforce in the United States Intelligence Community and cost the equivalent of 49% of their personnel budgets. RedHat is part of that industry.
It’s often illuminating to search a company’s job listings for words like “clearance”. There are currently only eight listings for that query at RedHat but sometimes they have many more. Here (archive) is a current one. Here is another one archived last year.
Here is the text, in case the archive site loses it
Consulting Architect, TS/SCI + Polygraph Clearance Required (Fort Meade)
remote type Remote
locations Remote US MD
time type Full time
posted on Posted 30+ Days Ago
job requisition id R-038935
About The Job
Red Hat’s Public Sector Consulting team is looking for a Consulting Architect with a solid background in Linux, container platforms, IT Automation, virtualization technologies and an active TS/SCI + Polygraph security clearance to join us remotely in Maryland. In this role, you will help Intelligence Community customers design and operate core infrastructure that can scale to the demands of the modern digital marketplace. You’ll work with customers in small teams to build, test, and iterate over innovative application prototypes attached to real business value. You’ll use a variety of modern application development practices, along with emerging technologies from open source communities to get it done. As a Consulting Architect, you will help us become the defining technology company of the 21st century built on open source principles. You’ll also help us to fulfill our vision by guiding the strategic success of our customers using Red Hat’s solutions by building the industry’s best team of open source developers and partnering with our customers to build the premium software systems of tomorrow.
This position requires frequent on-site work at Fort Meade and an active TS/SCI + Polygraph security clearance.
What You Will Do
- Deliver successful discovery, analysis, and design workshops for teams of technical and non-technical backgrounds that shape the customer use cases and architecture design decisions
- Scope delivery projects and guide customers through successful pilot and production deployments
- Oversee the design, creation, and delivery of content that enables the broader Red Hat teams to sell (presales), service (consulting), and support our cloud solutions at scale
- Work closely with product business, product engineering, consulting, technical support, and sales teams to ensure excellent customer experience with Red Hat’s offerings
- Contribute to the development of repeatable methodologies and tools designed to scale Red Hat’s services capabilities, promote repeatable customer engagements, and lower delivery risk
- Demonstrate expertise in cloud and DevOps communities by producing outstanding whitepapers and webinars, code contributions to relevant projects, and speeches at industry-leading conferences
- Work with customers on the writing of business justifications if needed
- Work with the open source community to engineer labs-based software solutions designed to further accelerate our customers’ success at Labs
- Become a trusted adviser to our customers, helping them achieve business success in an ever-changing technology landscape
What You Will Bring
- Active Top Secret w/ SCI security clearance + Polygraph
- Broad knowledge of Red Hat OpenShift, Red Hat Ansible Automation Platform, and Red Hat Enterprise Linux
- Broad and deep technical experience with virtualization, container, and cloud technologies
- Solid Linux system administration skills; Red Hat Certified Engineer (RHCE)-level Linux skills or better; certifications are a plus but not required
- Experience with cloud technologies, especially Red Hat OpenStack Platform, Amazon Web Services (AWS), Microsoft Azure, and Google Compute Platform (GCP)
- Extensive technical experience with virtualization, especially Red Hat Virtualization, VMware vSphere, Microsoft Hyper-V, and Citrix XenServer; VMware Certified Professional certification is a plus
- Solid debugging, troubleshooting, and general problem-solving skills
- Great customer service skills and desire to make users successful
- Positive attitude, ability to work as part of a team, and excellent written and verbal communication skills
- Deep understanding of working with DISA, FISMA, NIST, and STIG security guidelines and how to adhere to them
- Experience working within the US Department of Defense (DoD) and US Intelligence Community (IC)
- Ability to make on-site customer visits
The following are considered a plus:
- Practical experience with Red Hat Satellite or similar systems-management technologies
- Experience with Red Hat Ansible Automation Platform or other IT automation and configuration management tools like Puppet or Chef
- Experience with datacenter automation tools and processes
- System administration or datacenter architecture experience
- Windows system administration
- Ruby, Python, or PowerShell programming experience
- Ability to study and learn quickly and put new topics into practice
- Passion for open source software
#LI-REMOTE #LI-AL2
The salary range for this position is $138,350.00 - $228,310.00. Actual offer will be based on your qualifications.
Pay Transparency
Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat’s compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We’re a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.
Benefits
- Comprehensive medical, dental, and vision coverage
- Flexible Spending Account - healthcare and dependent care
- Health Savings Account - high deductible medical plan
- Retirement 401(k) with employer match
- Paid time off and holidays
- Paid parental leave plans for all new parents
- Leave benefits including disability, paid family medical leave, and paid military leave
- Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!
Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.
Diversity, Equity & Inclusion at Red Hat Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from diverse backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions of diversity that compose our global village.
Equal Opportunity Policy (EEO) Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.
Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.
(source)
Thanks I’m gonna have a deeper look into this then😇
Why not use the existing Distros?
Most distros, not all, are based in, or run by, American legal entities.
Redhat, Rocky, Alma, Debian, etc - all legally American. This is a problem if the US requires sanctions against another country. All of those cannot legally supply products to Russia now, but in the future who’s to say what other countries the US will sanction? People are only now starting to realise that sanctions can be applied to software too, and many countries are entirely reliant upon US Software. (Seriously, do a quick audit - 90% of our tech company’s stack is US originated)
Alternatives: Suse (German) Ubuntu (UK, but based on Debian, so likely subject to supply chain restrictions).
Can’t we just keep going with Ubuntu and fork it the moment the US wants to do anything funny
No, because forking a distro and updating some hundred thousands of PCs is not done in a week.
Edit: and why would we go with Ubuntu…
They’ll stop receiving updates, but we don’t have to switch over in a week right?
Ubuntu is just an example {{insert any Debian based distro here}}
If the EU were concerned about the US jurisdiction of Linux projects it could pick:
- OpenSuSE (org based in Germany)
- Mint (org based in Ireland)
- Manjaro (org based in France/Germany, and based of Arch)
- Ubuntu (org based in UK)
However if they didn’t care, then they could just use Fedora or other US based distros.
I think it would be a good idea for the EU to adopt linux officially, and maybe even have it’s own distro, but I’m not sure this Fedora base makes sense. Ironically this may also be breaching EU trademarks as it’s masquerading as an official project by calling itself EU OS.
Mint and Ubuntu have Debian as an upstream, don’t they?
Debian is a US legal entity, so if it was required to sanction countries, it feels that software built with it would likely be restricted.
Debian is open source though. So unless they make it closed source we can keep using it.
Making it closed source would probably kill it and a fork would take its place.
Well, all the distros being discussed are open source - it’s kind of a requirement when making a linux distro because the licences require it and you wouldn’t be able to make it closed source. (Unless there’s a huge shift in the law)
And being open source doesn’t necessarily prevent it falling under sanctions legislation. I have seen a linux distro being legally required to “take reasonable steps” to geo-block Russian access to its repos, and I’ve personally read disclaimers when installing linux that “This software is not allowed to be used in Russia”. (That distro is ‘owned’ by an organisation that was controlled by a single person, so it’s probably not comparable to Debian) We’re all technical people so we can all probably think of half a dozen ways around that, but it was still ordered by the US Government (even before the current government)
And you may be right in that it would be excempt. Debian isn’t owned by anyone, but its trademark is(Software in the Public Interest), and it feels possible that those who help distribute foss (by mirroring repos for example) may be restricted if they fall under US jurisdiction. I don’t know for certain - and unless someone here is a qualified lawyer specialising in software licences as well as how software rooted in the US relates to sanctions - we’re all probably guessing.
Three months ago any of this would have felt ridiculous - who would want to stop free software? But now? In this era of the ridiculous? I certainly feel unsure about predicting anything.
I still don’t see how the US can stop anyone from forking Debian etc.
Worst case scenario I can see is “The US implements martial law, no more trade what so ever allowed with anyone outside of the US and they put up a fire-wall to block all internet”
In that scenario we literally just pull Debian from the European mirrors, fork it and create NewDebian.
Problem solved.
Currently we heavily rely on Microsoft, Apple etc. If the US does the same thing, we’re fucked because we can’t just fork MS or Apple software.
We’re an ingenious and motivated bunch (See all the Redhat attempts to stop clones, and lots of other examples), so yes, I think we’d absolutely work around the problem if it was to happen.
And fedora is controlled by IBM. What’s your point.
Point? I was replying about Mint and Ubuntu - what has Fedora got to do with them?
How about systemd ? Aren’t all distros kinda fucked?
Fair point about systemd, or any of the other core components - I don’t know.
But I don’t think we’d be fucked - we’re ingenious and motivated and have a proven record of adapting and innovating to solve problems that stop us playing with our toys.
I would like the EU to make an official universal Linux distro, intended for the ordinary person to use on their PC. Bonus points if they can collaborate with Steam to make it compatible with gaming stuff. The big reason I stuck to Windows 11 is for the sake of games, but if compatibility and ease of use to customize was improved, I would be happy to switch away.
The big thing that the EU can bring to the project is contributing lots of money for making Linux suitable as a daily driver, along with mandating its usage on government machines.
It used to be true that Windows is better for gaming. That’s no longer the case.
Since steam deck runs on Linux, they made a compatibility layer allowing you to play windows games on Linux.
I switched to Linux a few months ago and have been able to play all my games just fine.
(also dual boot is an option)
i’d say if it happens it should start with focusing on:
- government and workstation (this is important first to have control and independence over so that government isn’t beholden to the whims of foreign companies)
- then server (maybe - idk really if that’s worth it though; it’s a whole can of compatibility worms and adoption expense)
- then user desktop
though there is the argument that workstation and user desktop are close enough to each other that user desktop should be above server, but i’d imagine it’d be more of a “home user” than gamer situation. i could imagine some regulations around refurbishing old tech with this kind of OS too, and this would be more about low spec machines (that’d help workstations too)
If the sanctions we are talking about actually took place, Steam in EU would be fucked. Better bet in GOG. Also, Bazzite is easier to setup and use than Windows. I made the switch a year ago, I still don’t know crap about Linux. Just try it.
It already is suitable as a daily driver, I use it for work and gaming.
I already tried it about a month and a half ago. Linux is really user-unfriendly if you got games that aren’t Steam exclusive or like modding. I got lots of older games or ones meant for a Japanese locale system, and I had issues with installing DLC via Heroic Games Launcher / Lutris / or just getting Mini Galaxy to work properly.
In any case, I want Steam to work with the EU on a EU Linux, since they got lots of money, data, and influence to help develop the distro. Plus, Gabe doesn’t want his platform locked onto Windows, so you got a personal motivation for Steam to seriously cooperate with the EU. The EU can put lighter sanctions on Steam if people buy games while using EU Linux. This would help drive adoption and normalize Linux usage among normal people after a decade or so.
Yeah, I agree… modding, trainers and games outside Steam aren’t easy enough yet. On Windows I didn’t use to mod games (except for Minecraft which is easy on Linux), so that didn’t hurt. What I did lose was WeMod. My take is that using Steam is way less bad than having to use Windows.
I’d add:
- Mageia (French)
- Zorin OS (Ireland)
- Ufficio Zero (Italy)
Last option but better for an easy migration: linuxfx.org
deleted by creator
Scammers never let a good global crisis get in their way.
- Rebadge a distro and say it’s fromm the EU
- …???
- Profit!
- Collect a hefty donation from EU
Meanwhile https://www.europarl.europa.eu/petitions/en/petition/content/0729%252F2024/html/Linux%2Bstatt%2BWindows just closed with 2474 Supporters
Well, first I hear of it.
As much as I love what they’re doing, tieing an OS to a specific region via name seems like the opposite of Open Source values… Then again, I suppose it could just be forked into a more generalized version
This is specifically for the public sector. The fact that it is open source make it adaptable to different scenarios.
Europe isn’t a region, it’s a brand.
Europe isn’t a brand, it’s a life/style.
See? That’s great branding.
Fedora is too much into RedHat, and that’s an American company, it depends on it. You’ll have to go at least Arch, or Debian (which are more community-driven), or Ubuntu or Mint (that are European). But I wouldn’t use anything Redhat-produced for an EU OS.
SUSE/OpenSUSE seems like a much more European option
Τοο bad I don’t like it as a distro… I find it ugly, e.g. the ancient yast gui it has. I’d prefer Debian myself, or a fork of it (if politically necessary).
So you find Gnome & KDE ugly? I’ve never needed to use Yast for any system configuration. Having BTFRS with snapshots as default makes it a great distro.
Fedora Origin: USA
No, thanks. 🙅
alternative POV: it’s entirely FOSS so there’s little control that can be exerted from its use. it’s also entirely free, so use is extracting value without providing anything in return. by its use, you’re taking resources to maintain, host, etc and providing nothing in return
similar reason to why i don’t use ecosia with an ad blocker: by blocking ads you’re using their resources without giving back and thus you’re taking resources away from the charity
I think the point is, you just don’t support products from countries led by dictators. I wouldn’t use an OS from North Korea, no matter how free it was. LOL
In my case, the US is worse than North Korea, because they threaten the existence of my country (Canada) on a daily basis.
And for the EU, they have as much reason to distance themselves from Americans than I do.
There are far too many alternatives from other countries to even entertain an American distro. My opinion, anyway.
This is true, but then why not base it off Guix (the GNU distro)? …I’m sure Fedora is full of binary blobs and not-so-free software.
If they needed it, they could still add extra software and blobs to Guix, sourced by the EU… and I think doing that would allow it to carve itself a niche (a version of Guix with more compatibility would be interesting for many) rather than sticking a white label on Fedora and call it something else. I don’t see a lot of value on this over just using Fedora directly, I’m not sure if it’s true that Fedora & Red Hat do not benefit from this… wouldn’t their support agents be able to just start providing support also to EU OS customers if they (both customers and support agents) want? Wouldn’t it make it more interesting for private companies working closely with the government to choose Red Hat as a partner when it comes to enterprise Linux?
I guess we’ll have to see how much they customize it, but in my experience with previous attempts, I’m expecting just a re-skin, just Fedora with different theme. At most, with some extra software preinstalled. I don’t think that’s a threat to Fedora or Red Hat, but rather an opportunity for expansion.
I’m sure Fedora is full of binary blobs and not-so-free software
fedora is staunchly opposed to non-free software in their default distro … that spat a few weeks ago with OBS was related to that AFAIK
unsure about like signed blobs for “security” services but i imagine they’d be very limited, and optional
rather than sticking a white label on Fedora and call it something else
but for what benefit? no matter what’s trying to be achieved, starting with a very full-featured, robust OS that’s widely used is going to serve you very well… not just technically (less work for the same outcome), but for human reasons
there are loads of guides out there for how to fix fedora issues, few for guix… loads of RPMs that are compatible with fedora, and i can only imagine fewer packages for guix
and then if you’re talking about server OSes - and actually workstations too - managing them with tools like ansible etc… fedora is going to have off the shelf solutions
just Fedora with different theme
well, the actual software and configuration i’d argue aren’t the important part - owning the infrastructure is the important part… package mirrors, distribution methods (eg a website), being able to veto or replace certain packages, and the branding (or regulation) that draws people to it… being able to roll out a security patch to every installation without a 3rd party okaying it, for example
The spat with the OBS devs was due to a fedora package maintainer refusing to package OBS with an older library for their own Fedora Flatpak repo, despite the newer library causing severe breakage with OBS (which is why the OBS devs held it back in the flathub release).
I don’t think there are many distributions that are truly free, at least not in the eyes of the FSF. Fedora is not one of them.
but for what benefit? […] fedora is going to have off the shelf solutions
Yes, but that’s my point: fedora is already fully featured… the work needed is trivial, to the point that directly using an installation of fedora by itself (along with tools like ansible) wouldn’t be very different from doing he same with EU OS… at that point you don’t need a whole new distro, just Fedora and maybe some trivial scripts (which you are gonna need anyway in any large scale installation, even if you went with EU OS).
Imho, there would be more value if something actually novel was used, and new guides and howtos were created to simplify/clarify things that used to be hard. What would be a pity is to spend a lot of euros for something that is trivial to do, and that only helps filling the pockets of some corrupt politician’s friend. I mean, I’m not against a simple thing, but then I’d hope they at least showed how they will be spending the budget on some other way (marketing? …will there be actual custom software? …are they gonna maintain the entire repo themselves?).
well, the actual software and configuration i’d argue aren’t the important part - owning the infrastructure is the important part…
But I was not arguing against that. And if they did promise to do that, then that would be different. The problem is precisely that I’m expecting them to NOT own most of the infrastructure and instead rely on Fedora repositories, because from experience that’s how these things usually go.
I repeat the full context of the section you quoted: “I guess we’ll have to see how much they customize it, but in my experience with previous attempts, I’m expecting just a re-skin, just Fedora with different theme”
Maybe you have a different experience with government-managed distros, but there have been some attempts at that in my (european) country that were definitely not much more than a reskinned Ubuntu (and before that, Debian) from back in the day. They used Ubuntu repositories (ie. Ubuntu infrastructure), and the only extra repo they added was not a mirror, but just hosted a few packages that were actually produced by them and were responsible for the theming, reskining and defaults. They used metapackages that depend on upstream packages to control what was part of the default desktop environment, there might have been a few more extra packages (mainly backports), but very few and always lagging behind alternative backport repos. Uninstall the metapackage (which you might do if you wanna remove some of the preinstalled things) and it literally was Ubuntu straight from Ubuntu official repos. There was no filtering, no veto, no replacing, no mirroring.
Also, just to keep things grounded in the initial point: do you really think that Fedora / Red Hat would not benefit at all from it?
rofl, Fedora for EU what a joke…
Why Fedora? Sorry, but there are so many European options, it makes no sense to build a European house on an American basement.
Probably since it’s the main redhat upstream and they want the advantage of already widespread usage.
Although at that point why not OpenSUSE for the same reason you mentioned.
Security is a big focus for gov usage, why not base off of Debian?
Rolling release/bleeding edge means security updates roll out fast.
Regular release distros do security updates, backported if needed. Rolling release means introducing unknown security bugs until they are found and fixed. To me, the whole dilemma between regular and rolling is do I want old bugs or new bugs? But the security bugs get fixed on both.
Suse is the first thing that came to mind
It’s still open source
if you’re not paying it doesn’t really matter. open source belongs to everyone; it’s a disservice to put it in the same bag as, say, a Microsoft or Apple OS.
plus how far removed is enough? are we going to scrutinize what programming languages were used and where they originated as well?
Open source is free for everyone, I think the objection is more about an american company being able to directly influence the decisions, operating under US jurisdiction, etc.
Much like when IBM bought RH and then axed CentOS?
