We’re excited to see that Red Hat has decided to offer flatpak runtimes for RHEL with a ten year security fix plan.
An in-depth explanation of flatpak and runtimes is beyond the scope of this article (and anyway, Owen’s post does a better job than I could) but in basic terms, a runtime allows us to bundle up a set of software dependencies into one file, which can then be easily and safely deployed without affecting/compromising host systems. It allows us to minimise the effects of “dependency hell”.
Red Hat’s approach will clearly help to reduce the long-term maintenance burden for RHEL users who are unable or unwilling to upgrade their applications. It’s a serious commitment, since the cost of ensuring backwards compatibility can rise significantly as the years roll by.
The approach taken on the community-supported runtime freedesktop-sdk focuses on binary compatibility and frequent updates using CICD. Each release is supported for two years, with a strong emphasis on keeping up-to-date with upstream and helping the upstream developers to address incompatibilities as easily as possible.
Codethink’s experience on upgrading vs super-long-term backporting is that it’s normally much cheaper and easier to keep doing the maintenance/updates on a regular basis, rather than sticking with old versions as upstream moves further and further ahead. Red Hat’s team is extremely experienced and clearly capable of making this model work, but we’ve seen many situations where a platform provider has failed to consider the long-term implications of sticking with a specific software release.
From our point of view it’s a bit like maintaining a house, or a car… if you do the servicing regularly you’re much less likely to suffer an unpleasant surprise later.
In one classic example, we worked with a client struggling keeping their production systems live with an out-of-date kernel maintained by a full time team of thirty people. Just by upgrading and moving to a regular update model we were able to save more than 90% of their ongoing costs. Get in touch if you’d like us to help you save money too! :-)
Other Content
- Using Git LFS and fast-import together
- Testing in a Box: Streamlining Embedded Systems Testing
- SDV Europe: What Codethink has planned
- How do Hardware Security Modules impact the automotive sector? The final blog in a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part two of a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part one of a three part discussion
- Automated Kernel Testing on RISC-V Hardware
- Automated end-to-end testing for Android Automotive on Hardware
- GUADEC 2023
- Embedded Open Source Summit 2023
- RISC-V: exploring a bug in stack unwinding
- Adding RISC-V Vector Cryptography Extension support to QEMU
- Introducing Our New Open-Source Tool: Quality Assurance Daemon
- Long Term Maintainability
- FOSDEM 2023
- Think before you Pip
- BuildStream 2.0 is here, just in time for the holidays!
- A Valuable & Comprehensive Firmware Code Review by Codethink
- GNOME OS & Atomic Upgrades on the PinePhone
- Flathub-Codethink Collaboration
- Codethink proudly sponsors GUADEC 2022
- Tracking Down an Obscure Reproducibility Bug in glibc
- Web app test automation with `cdt`
- FOSDEM Testing and Automation talk
- Protecting your project from dependency access problems
- Porting GNOME OS to Microchip's PolarFire Icicle Kit
- YAML Schemas: Validating Data without Writing Code
- Deterministic Construction Service
- Codethink becomes a Microchip Design Partner
- Hamsa: Using an NVIDIA Jetson Development Kit to create a fully open-source Robot Nano Hand
- Using STPA with software-intensive systems
- Codethink achieves ISO 26262 ASIL D Tool Certification
- RISC-V: running GNOME OS on SiFive hardware for the first time
- Automated Linux kernel testing
- Native compilation on Arm servers is so much faster now
- Higher quality of FOSS: How we are helping GNOME to improve their test pipeline
- RISC-V: A Small Hardware Project
- Why aligning with open source mainline is the way to go
- Build Meetup 2021: The BuildTeam Community Event
- A new approach to software safety
- Does the "Hypocrite Commits" incident prove that Linux is unsafe?
- ABI Stability in freedesktop-sdk
- Why your organisation needs to embrace working in the open-source ecosystem
- RISC-V User space access Oops
- Tracking Players at the Edge: An Overview
- What is Remote Asset API?
- Running a devroom at FOSDEM: Safety and Open Source
- Meet the codethings: Understanding BuildGrid and BuildBox with Beth White
- Streamlining Terraform configuration with Jsonnet
- Bloodlight: Designing a Heart Rate Sensor with STM32, LEDs and Photodiode
- Making the tech industry more inclusive for women
- Bloodlight Case Design: Lessons Learned
- Safety is a system property, not a software property
- RISC-V: Codethink's first research about the open instruction set
- Meet the Codethings: Safety-critical systems and the benefits of STPA with Shaun Mooney
- Why Project Managers are essential in an effective software consultancy
- FOSDEM 2021: Devroom for Safety and Open Source
- Meet the Codethings: Ben Dooks talks about Linux kernel and RISC-V
- Here we go 2021: 4 open source events for software engineers and project leaders
- Xmas Greetings from Codethink
- Call for Papers: FOSDEM 2021 Dev Room Safety and Open Source Software
- Building the abseil-hello Bazel project for a different architecture using a dynamically generated toolchain
- Advent of Code: programming puzzle challenges
- Full archive