I was invited to give a talk on Fedora and security in a IT conference about emerging trends in security in COEP, College of Engineering in Pune and I talked about our upcoming Fedora Security Spin for Fedora 13. I started out with a video of Truth Happens and that got such a overwhelming response with even a request for a rerun during the Q&A session which I was happy to oblige. I reused Joerg Simon’s slides from FOSS.In 2009 with some minor modifications and talked primarily about the nature of free and open source software and it’s impact on security. I discussed some features like SELinux, Fedora, Spins and some details about what we are attempting to do with Fedora Security Lab. Questions and answers were many but here is a sample:
* How can I propose a project to Fedora and what qualifications do I need and whom do I contact?
While we do some development, development for Fedora usually happens elsewhere with Fedora acting as a integration point. So usually you will be developing a free and open source project and be the upstream. You don’t need to be a Red Hat employee to contribute and all you need is some interest and you can learn the skills over time. Feel free to email me [insert email id]
* You mentioned NSA and SELinux. Why are they interested?
In short, because they are interested in doing research into OS security and they themselves or associated divisions are consumers of such technology and wanted it to be part of a mainstream operating systems.
* Can I download Fedora Security Lab? Not yet but we have a six month release cycle and this spin is part of our upcoming Fedora 13 release. Get it from http://spins.fedoraproject.org/security/
in a few months. * Loved the video. Where can I get it? Truth Happens and more is available publicly at redhat.com/films * I want to contribute to the Linux kernel and I don’t know C? Then you don’t want to contribute to the Linux kernel. Start with something more simple. Kernel is a highly technical project and has a naturally higher barrier to entry and while you might eventually learn the skills to contribute, it is always better to start with something much simpler. * We have a Free software users group and we have done the usuals (install fests etc) to get started. What can we do going forward? Focus on contributions. Learn a easy to learn programming language like Python. If you are interested in Fedora, learn RPM packaging. If you need help in getting started, drop me a email. * Can I get RHEL for educational or development purposes. I am doing a clustering project based on it? Red Hat does have a special subscription for educational institutions which is cheaper but if you don’t need a support contract, you might download a free rebuild like CentOS. * I am interested in being a sys admin. What certification would be useful for me? More than certifications, practical knowledge is going to be more useful and Red Hat does offer a hands on certification called RHCE focussed on sys-admins. We have training centers from partners. Go to Red Hat website for more details but do your homework first. * What about internships? We have a few projects that you might want to get involved with. Email me for details…