Meet Wolfi: the Linux Distro Designed to Shrink Your Supply Chain - The New Stack
It’s been more than 30 years since Linus Torvalds created the Linux kernel and distributed its first version. When we reflect on the early days of free software adoption, massive credit should of course be given to Debian, FreeBSD and other FOSS distributions, which provided stability guarantees, came pre-packaged with common utilities, and spared users from having to manually install everything.
But the world is wildly different than it was in the 90s. While there are certainly a number of distros that have done great work around security, modern software consumption patterns, such as the use of Docker to build software and the use of curl-pipe-bash commands to install software, have in many ways created software supply chain security challenges. Through these workarounds, the world has largely moved on from the traditional FOSS distribution model, while losing the advantages of acquiring software through a curated distribution, such as the vulnerability management provided by distributions.
Let’s take a look at the evolution of software distributions and the areas where modern developer needs have outgrown some of the conventional wisdom at the cost of security, and then take a closer look at Wolfi, a rolling-release Linux distro built around modularity and re-targetability, which provides primitives useful for meeting the supply chain security requirements of modern users, while also providing the stability of multiple application version streams.