Fedora and Red Hat Leftovers (and Puff Pieces)
-
Fedora Project ☛ Fedora Community Blog: Announcing the Fedora 41 Global Watch Parties
With Fedora’s tradition of celebrating each release, we’re thrilled to introduce a more inclusive format this time around: Fedora Global Watch Parties. Instead of a single release party event, Fedora’s Global Watch Parties create three time slots across APAC, EMEA, and LATAM/NA, making it easier for everyone to participate in a way that fits their schedule and time zone.
Each Watch Party is designed to be easy to join, running around 1.5 hours. This shorter format means that more Fedora users, contributors, and community members can attend, connect, and engage. It’s a perfect opportunity to meet other Fedora community members, learn more about Fedora 41, and share the excitement of the release—no matter where you are.
-
SDx Central ☛ Is Red Hat ready to pounce on Broadcom’s VMware blunders?
Red Hat is one of a number of vendors that have seen increased interest from current VMware customers scouring the landscape for a potential new virtualization and hybrid cloud home due to Broadcom’s ongoing licensing changes at VMware, but timing of that opportunity remains fluid.
-
Silicon Angle ☛ Red Hat aims to drive Kubernetes Hey Hi (AI) solutions forward with collaborative innovation [Ed: Red Hat- and LF-sponsored puff piece]
Since KubeCon + CloudNativeCon in Paris, advancements in artificial intelligence have moved rapidly. This includes developments tied to Kubernetes Hey Hi (AI) solutions, plus advancements on bare metal and GNU/Linux in big hyperscale-type GPU deployments. With that in mind, the enterprise has been looking toward Kubernetes in a big way.
-
Red Hat Official ☛ Red Hat Recognized as a Leader in 2024 Gartner® Magic Quadrant™ for Cloud Application Platforms [Ed: Gartner is a highly corrupt firm that Red Hat should not wish to associate with]
-
TechTarget ☛ OpenShift AI boosts LLMOps chops with Neural Magic deal
Red Hat will buy a top contributor to a key LLMOps utility used by OpenShift AI that supports self-hosted large language models on standard hardware.
-
Red Hat Enterprise Linux 9.5 released with improved support for AI workloads
Red Hat unveiled the latest version of its enterprise Linux platform today, adding new security features and enhanced support for artificial intelligence workloads.
-
GNOME
-
GNOME ☛ Richard Hughes: Firmware SBoMs for open source projects [Ed: IBM: security means Microsoft and us control your PC remotely]
You might be surprised to hear that closed source firmware typically contains open source dependencies. In the case of EDK II (probably the BIOS of your x64 machine you’re using now) it’s about 20 different projects, and in the case of coreboot (hopefully the firmware of the machine you’ll own in the future) it’s about another 10 — some overlapping with EDK II. Examples here would be things like libjpeg (for the OEM splash image) or libssl (for crypto, but only the good kind).
It makes no sense for each person building firmware to write the same SBOM for the OSS code. Moving the SBOM upstream means it can be kept up to date by the same team writing the open source code. It’s very similar to what we encouraged desktop application developers to do with AppStream metadata a decade or so ago. That was wildly successful, so maybe we can do the same trick again here.
My proposal would be to submit a bom.json to each upstream project in CycloneDX format, stored in a location amenable to the project — e.g. in ./contrib, ./data/sbom or even in the root project folder. The location isn’t important, only the file basename needs to be predictable.
Notice the CycloneDX word there not SPDX — the latter is great for open source license compliance, but I was only able to encode 43% of our “example firmware SBOM” into SPDX format, even with a lot of ugly hacks. I spent a long time trying to jam a round peg in a square hole and came to the conclusion it’s not going to work very well. SPDX works great as an export format to ensure license compliance (and the uswid CLI can already do that now…) but SPDX doesn’t work very well as a data source. CycloneDX is just a better designed format for a SBoM, sorry ISO.
-