Sunday, March 16, 2014

Crypto Upgrades for Fedora 21

The Fedora Engineering and Steering Committee has approved a slew of new features in the latest iteration of Red Hat's Fedora distribution of Linux: Fedora 21. Even as the deadline for specifying the final changes in Fedora 21 draws nearer, precisely on 8 April, it is now clear that the release will come with crucial security, crypto upgrades.

Thanks to a new system wide policy, all applications running on a given Fedora system can have a consistent level of cryptography set between them. This will unify the crypto policies used by different applications and libraries in Fedora 21. In terms of security, Fedora 21 would have a set of predefined levels that will individually define various cryptography related behaviors. The changes in crypto and security levels would eventually require changes in the likes of GnuTLS recently marred by a long-undetected bug that could have allowed potential data theft via a specially crafted encryption certificate. Keeping all this in mind, the final set of changes in Fedora 21 is still under wraps.

Meanwhile, other proposed changes include:

a. PC/SC smart cards management improvements. 

b. Inclusion of 'Dandified Yum' (DNF), Fedora's replacement for the yum package manager. It must be noted that DNF won't be a replacement to yum, but could be used side-by-side with yum after manual installation.

However, keep in mind that this is not the final list of features for Fedora 21. There might be additions and subtractions to it in the days to come, the deadline being 8 April. Fedora 21 is expected to be out by October 21.

No comments:

Post a Comment