We’re excited to see that Red Hat has decided to offer flatpak runtimes for RHEL with a ten year security fix plan.
An in-depth explanation of flatpak and runtimes is beyond the scope of this article (and anyway, Owen’s post does a better job than I could) but in basic terms, a runtime allows us to bundle up a set of software dependencies into one file, which can then be easily and safely deployed without affecting/compromising host systems. It allows us to minimise the effects of “dependency hell”.
Red Hat’s approach will clearly help to reduce the long-term maintenance burden for RHEL users who are unable or unwilling to upgrade their applications. It’s a serious commitment, since the cost of ensuring backwards compatibility can rise significantly as the years roll by.
The approach taken on the community-supported runtime freedesktop-sdk focuses on binary compatibility and frequent updates using CICD. Each release is supported for two years, with a strong emphasis on keeping up-to-date with upstream and helping the upstream developers to address incompatibilities as easily as possible.
Codethink’s experience on upgrading vs super-long-term backporting is that it’s normally much cheaper and easier to keep doing the maintenance/updates on a regular basis, rather than sticking with old versions as upstream moves further and further ahead. Red Hat’s team is extremely experienced and clearly capable of making this model work, but we’ve seen many situations where a platform provider has failed to consider the long-term implications of sticking with a specific software release.
From our point of view it’s a bit like maintaining a house, or a car… if you do the servicing regularly you’re much less likely to suffer an unpleasant surprise later.
In one classic example, we worked with a client struggling keeping their production systems live with an out-of-date kernel maintained by a full time team of thirty people. Just by upgrading and moving to a regular update model we were able to save more than 90% of their ongoing costs. Get in touch if you’d like us to help you save money too! :-)
Other Articles
- RISC-V: Codethink's first research about the open instruction set
- Meet the Codethings: Safety-critical systems and the benefits of STPA with Shaun Mooney
- Why Project Managers are essential in an effective software consultancy
- FOSDEM 2021: Devroom for Safety and Open Source
- Meet the Codethings: Ben Dooks talks about Linux kernel and RISC-V
- Here we go 2021: 4 open source events for software engineers and project leaders
- Xmas Greetings from Codethink
- Call for Papers: FOSDEM 2021 Dev Room Safety and Open Source Software
- Building the abseil-hello Bazel project for a different architecture using a dynamically generated toolchain
- Advent of Code: programming puzzle challenges
- Improving performance on Interrogizer with the stm32
- Introducing Interrogizer: providing affordable troubleshooting
- Improving software security through input validation
- More time on top: My latest work improving Topplot
- Cycling around the world
- Orchestrating applications by (ab)using Ansible's Network XML Parser
- My experience of the MIT STAMP workshop 2020
- How to keep your staff healthy in lockdown
- Bloodlight: A Medical PPG Testbed
- Bringing Lorry into the 2020s
- How to use Tracecompass to analyse kernel traces from LTTng
- Fixing Rust's test suite on RISC-V
- The challenges behind electric vehicle infrastructure
- Investigating kernel user-space access
- Consuming BuildStream projects in Bazel: the bazelize plugin
- Improving RISC-V Linux support in Rust
- Creating a Build toolkit using the Remote Execution API
- Trusting software in a pandemic
- The Case For Open Source Software In The Medical Industry
- My experiences moving to remote working
- Impact of COVID-19 on the Medical Devices Industry
- COVID-19 (Coronavirus) and Codethink
- Codethink develops Open Source drivers for Microsoft Azure Sphere MediaTek MT3620
- Codethink partners with Wirepas
- Testing Bazel's Remote Execution API
- Passing the age of retirement: our work with Fortran and its compilers
- Sharing technical knowledge at Codethink
- Using the REAPI for Distributed Builds
- An Introduction to Remote Execution and Distributed Builds
- Gluing hardware and software: Board Support Packages (BSPs)
- Engineering's jack of all trades: an intro to FPGAs
- Bust out your pendrives: Debian 10 is out!
- Why you should attend local open source meet-ups
- Acceptance, strife, and progress in the LGBTIQ+ and open source communities
- Codethink helps York Instruments to deliver world-beating medical brain-scanner
- Codethink open sources part of staff onboarding - 'How To Git Going In FOSS'
- Getting into open source
- How to put GitOps to work for your software delivery
- Open Source Safety Requirements Analysis for Autonomous Vehicles based on STPA
- Codethink engineers develop custom debug solution for customer project
- Codethink contributes to CIP Super Long Term Kernel maintenance
- Codethink creates custom USB 3 switch to support customer's CI/CD pipeline requirements
- Codethink unlocks data analysis potential for British Cycling
- MIT Doctor delivers Manchester masterclass on innovative safety methodology
- Balance for Better: Women in Technology Codethink Interviews
- Introducing BuildGrid
- Configuring Linux to stabilise latency
- GUADEC 2018 Talks
- Hypervisor Not Required
- Full archive