If you are building a non-consumer commercial system that uses embedded Linux, you will probably be interested in long term support. Now, what I mean by long term support is: Two (or five) years from now, will someone be providing me with security updates to the same version of software that I use today?

For example, if you run RedHat Enterprise on a desktop or server, you can be sure that 5 years from when a new release comes out, RedHat will still be providing you with security updates for the exact same versions of all the software you run. You won't be forced to upgrade to some new version of software provided by RHEL in order to continue getting security updates. Your kernel will stay the same version, your Apache will stay the same version, your Bash will stay the same version, and you'll only get little tiny changes that 99% of the time are due to security issues being fixed. The other 1% of the time is things that are actually seriously broken and need to be fixed. But overall, NO NEW VERSIONS OR FEATURES!

For desktop and server distributions, there's a lot of choice between paid for setups like this and community supported setups. You've got RedHat and Suse as the major players in the paid for sector, and Debian stable, Ubuntu LTS, and Scientific / CentOS in the community sector.

In the embedded landscape, there's companies like MontaVista and Wind River that supply longish term supported embedded Linuxes, much the same way RedHat does. But the on the community side, other than Emdebian, there's not a whole lot (that I've heard of) that provide a long term support system for embedded.

Many of the embedded distributions are focused on cutting edge stuff. Cutting edge is cool, it's hip, and it's where all the neat stuff happens. But if you're deploying a real product that's going to have to function for years and years at a customer site, you're not going to want to have to keep sending them software updates having cutting edge versions. Cutting edge versions means things break. Stable old stuff being updated only with tiny security fixes means things don't break, at least not usually more than they were before. If you're looking to make real money selling embedded non-consumer Linux systems, you're going to pick old stable stuff getting security updates, and if you need fancy new stuff, you'll become an expert in just that new fancy stuff, and you'll do your own security updates just for that one thing you need to be newer.

I understand that having long term support be a community activity is hard. Especially when there's a low number of developers. Small projects can't afford to spend developer time supporting old stuff if they want to continue moving forward. Bigger companies who get paid (like Wind River and MontaVista) can. And Debian can, but only because they've built up the support systems, platforms, and methods of working over a huge amount of time and with a huge community that's dedicated to just that. It's very hard to do.

Linux kernel has long term supported versions, but those only get updates for 2 years, then they assume the distributions will take care of further updates. This is awesome for short life commercial projects, but some commercial projects need to last longer than that. For those projects, your choices are really limited if you don't want to employ a huge number of experts to keep things stable and secure. For those projects, you're going to buy a long term support system from a vendor or need the support of a high quality community. Because of this, you're either going to pay, or you're going to use Emdebian.

What else is there for community support?



14 October 2011