Home Home
Sign up | Login

Author Archive

Changing the Chair of the openSUSE Board

August 19th, 2019 by

Dear Community,

After six years on the openSUSE Board and five as its Chairperson, I have decided to step down as Chair of the openSUSE Board effective today, August 19.

This has been a very difficult decision for me to make, with reasons that are diverse, interlinked, and personal.
Some of the key factors that led me to make this step include the time required to do the job properly, and the length of time I’ve served.
Five years is more than twice as long as any of my predecessors.
The time required to do the role properly has increased and I now find it impossible to balance the demands of the role with the requirements of my primary role as a developer in SUSE, and with what I wish to achieve outside of work and community.
As difficult as it is to step back from something I’ve enjoyed doing for so long, I am looking forward to achieving a better balance between work, community, and life in general.

Serving as member and chair of the openSUSE Board has been an absolute pleasure and highly rewarding. Meeting and communicating with members of the project as well as championing the cause of openSUSE has been a joyous part of my life that I know I will miss going forward.

openSUSE won’t get rid of me entirely. While I do intend to step back from any governance topics, I will still be working at SUSE in the Future Technology Team. Following SUSE’s Open Source policy, we do a lot in openSUSE. I am especially looking forward to being able to focus on Kubic & MicroOS much more than I have been lately.

As I’m sure it’s likely to be a question, I wish to make it crystal clear that my decision has nothing to do with the Board’s ongoing efforts to form an independent openSUSE Foundation.

The Board’s decision to form a Foundation had my complete backing as Chairperson, and will continue to have as a regular openSUSE contributor.
I have absolute confidence in the openSUSE Board; Indeed, I don’t think I would be able to make this decision at this time if I wasn’t certain that I was leaving openSUSE in good hands.

On that note, SUSE has appointed Gerald Pfeifer as my replacement as Chair. Gerald is SUSE’s EMEA-based CTO, with a long history as a Tumbleweed user, an active openSUSE Member, and upstream contributor/maintainer in projects like GCC  and Wine.

Gerald has been a regular source of advice & support during my tenure as Chairperson. In particular, I will always remember my first visit to FOSDEM as openSUSE Chair.
Turning up more smartly dressed than usual, I was surprised to find Gerald, a senior Director at SUSE, diving in to help at the incredibly busy openSUSE booth, and doing so dressed in quite possibly the oldest and most well-loved openSUSE T-shirt I’ve ever seen.
When booth visitors came with questions about SUSE-specific stuff, I think he took some glee in being able to point them in my direction while teasingly saying “Richard is the corporate guy here, I’m just representing the community..”

Knowing full well he will continue being so community minded, while finally giving me the opportunity to tease him in return, it is with a similar glee I now hand over the reigns to Gerald.

As much as I’m going to miss things about being chairperson of this awesome community, I’m confident and excited to see how openSUSE evolves from here.

Keep having a lot of fun,

Richard

Note: This announcement has been cross-posted in several places, but please send any replies and discussion to the opensuse-project@opensuse.org Mailinglist. Thanks!

openSUSE – Meltdown & Spectre Update – 26 Jan 2018

January 26th, 2018 by

Hi folks,

This is an update to our current Meltdown and Spectre situation on openSUSE Leap and Tumbleweed.

We have released kernels with initial Meltdown and Spectre mitigations begin of January.

For openSUSE Leap 42.2 and 42.3 we released updates on January 5th.

For openSUSE Tumbleweed we released 4.14.11, 4.14.12 and 4.14.13 kernels in the first weeks of January.
Initially there were some bugs with those kernels and 32bit binaries, which were finally fixed with 4.14.13.

What is currently released:

– The Meltdown attack is fully mitigated by the Kernel Page Table Isolation feature (KPTI) with those Linux Kernel updates.

– The Spectre Variant 1 attack for the Linux kernel is mitigated with various speculative fences added throughout the kernel code. We might add more in case some places have been missed.

– We released Qemu updates for passing through CPU flags for Variant 2 mitigations

– We released Firefox, Chromium, and Webkit2Gtk3 updates that remove the Javascript exploitation vector for Meltdown and Spectre.

What is partially mitigated:

– The Spectre Variant 2 … The initial kernel updates we have released require CPU Microcode updates.

While we have released updates for some Intel chipsets and also AMD Ryzen, the Intel CPU Microcode updates were later found to be unstable and have now been retracted.

Intel is currently working on better versions of the CPU Microcode, which we will ship once they become available.

For openSUSE Tumbleweed we have reverted the “ucode-intel” package to the pre-Spectre state.

For openSUSE Leap 42.2 and 42.3 we have retracted the updated “ucode-intel” packages, so it is necessary to downgrade them manually if you are encountering problems like MCE errors.

This can be done by:

– openSUSE Leap 42.2: zypper in -f ucode-intel-20170707-7.6.1
– openSUSE Leap 42.3: zypper in -f ucode-intel-20170707-10.1

What will come soon:

– We are working on Spectre Variant 2 mitigations using so called “retpolines” (“return trampolines”), that largely remove the need for firmware mitigations.

We already released gcc48 system compilers for Leap and gcc7 for Tumbleweed with support for this code

We are working on Linux Kernel updates that will enable retpoline support and so mitigate Variant 2.

– XEN updates

The XEN team is developing methods to mitigate Meltdown and Spectre and once they become available we will be also releasing XEN updates for them.

 

Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities

January 4th, 2018 by

Hi folks,

By now you probably heard about the new “Spectre” and “Meltdown” side channel
attacks against current processors.

openSUSE, same as almost all other current operating systems, is affected by
these problems.

For SUSE Linux Enterprise we posted these blog and technical information
pages that in their descriptions also match openSUSE, so I would not duplicate
all of this information:

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

https://www.suse.com/support/kb/doc/?id=7022512

SUSE engineers have been working with other hardware and operating systems
vendors to prepare patches to mitigate these flaws over the last weeks
and have been preparing updates.

As the embargo was lifted last night, we could now also start openSUSE
updates.

For openSUSE Leap 42.2 and 42.3, we have the advantage that the
kernel codebase is shared between SUSE Linux Enterprise 12 SP2 and SP3
respectively, so the work mostly consisted of simply merging git branches.

The openSUSE Leap 42.2 and 42.3 kernel updates are currently building
and once they have passed a quick openQA check they will be released.

For openSUSE Tumbleweed we have ported patches on top of Linux Kernel 4.14
and a submission against the Factory projects has been done.

Here also a quick openQA check will be run and then it will be released
for our Tumbleweed users in the next days.

Additionally, these updates are accompanied also by ucode-intel,
kernel-firmware and qemu updates needed for one variant of the Spectre
Attack.

Regards,

Marcus Meissner & the openSUSE Security Team

Statement on the recent Merger announcement

September 17th, 2014 by

Dear openSUSE Community,

As you might be aware, SUSE’s parent entity, the Attachmate Group has entered into an agreement to merge into Micro Focus, a UK-based enterprise software company. As the primary sponsor of the openSUSE Project, SUSE’s President and General Manager, Nils Brauckmann has contacted the openSUSE Board to share the following key points

  • Business as Usual: There are no changes planned for the SUSE business structure and leadership. There is no need for any action by the openSUSE Project as a result of this announcement.

  • Commitment to Open Source: SUSE remains passionately committed to innovation through Open Source. This has always been the foundation of our business and that will continue as we grow and innovate in new areas.

  • Commitment to openSUSE: SUSE is also fully committed to being a sponsor and supporter of an open, highly independent and dynamic openSUSE community and project. We are proud of openSUSE and greatly value the collaborative relationship between SUSE and the openSUSE community.

The combination of the Attachmate Group and Micro Focus creates a larger, global enterprise software entity, operating at a greater global scale. This provides an even stronger foundation for the continued investment in SUSE and our continued innovation through Open Source.

The openSUSE Board would like to thank Nils and SUSE for this reassuring statement. The Board is enthusiastic about the benefits the merger may bring to SUSE and ultimately also to our openSUSE Project.

If anyone has any questions, there will be an opportunity to raise them at todays (Wednesday 17th Sept) regular openSUSE Project Meeting at 15:00 UTC in #opensuse-project on the Freenode IRC network.

Regards,

The openSUSE Board