Microsoft is seeking membership to Linux-distros mailing list for early access to security vulnerabilities

3 min read

Microsoft is now aiming to add its own contributions and strengthen Linux, by getting an early access to its security vulnerabilities. Last week, Microsoft applied for membership to join the official closed group of Linux, called the Linux-distros mailing list. The Linux-distros mailing list is used by Linux distributors to privately report, coordinate and discuss security issues. The issues revealed in this group are not made public for 14 days. Members of this group include Amazon Linux AMI, Openwall, Oracle, Red Hat, SUSE and Ubuntu.

Sasha Levin, a Microsoft Linux kernel developer has applied for the membership application on behalf of Microsoft, to join the exclusive group. If approved, it would allow Microsoft to be part of the private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code. These discussions are crucial for getting early information and coordinating the deployment of fixes before they are made public. One of the main criteria for membership in the Linux-distros mailing list, is to have a Unix-like distro that makes use of open source components. 

To indicate that Microsoft deserves this membership, Levin has cited Microsoft’s Azure Sphere and the Windows Subsystem For Linux (WSL) 2 as examples of distro-like builds. 

Last month, Microsoft announced that Windows Subsystem for Linux 2 (WSL 2) is available in Windows Insiders. With availability in build 18917, Windows will now be shipping with a full Linux kernel. This will allow WSL 2 to run inside a VM and provide full access to Linux system calls. The kernel will be specifically tuned for WSL 2 and will be fully open sourced with the full configuration available on GitHub. This will enable users for a faster turnaround on updating the kernel, when new versions become available. Thus the new architecture aims to increase file system performance and provide full system call compatibility, in a Linux environment.

Levin also highlighted that Microsoft’s Linux builds are open sourced and that it contributes to the community. Levin has also revealed that Linux is used more on Azure than Windows server. This does not come as a surprise, as this is not the first time that Microsoft is being aligned to Linux. There are at least eight Linux-distros available on Azure. Also Microsoft’s former CEO Steve Balmer, who has previously quoted Linux as “Cancer”, now says that he loves Linux

This move by Microsoft to embrace Linux, is being seen as Microsoft’s way of staying relevant in the industry. In a statement to Register, the open-source pioneer Bruce Perens says that, “What we are seeing here is that Microsoft wants access to early security alerts on Linux,  They’re joining it as a Linux distributor because that’s how it’s structured. Microsoft obviously has a lot of Linux plays, and it’s their responsibility to fix known security bugs as quickly as other Linux distributors.

Most users are of the opinion that, Microsoft embracing Linux was bound to happen. With its immense advantages, Linux is the default option for many.

A user on Hacker News says that,  “The biggest practical advantage I have found is that Linux has dramatically better file system I/O performance. Like, a C++ project that builds in 20 seconds on Linux, takes several minutes to build on the same hardware in Windows.”

Another user comments that, “I’m surprised it took this long. With Linux support for .NET and SQL Server, there is zero reason to host anything new on Windows now (of course legacy enterprise software is another story). I wouldn’t be surprised if Windows Server is fully EOL’d in a few years.”

Another user wrote that, “On Azure, a Windows VM instance tends to cost about 50% more than the equivalent instance running Linux, so it is a no brainer to use Linux if your application is operating system independent.”

Another comment reads, “Linux is the default choice when you set up a VM.”

Read Next

Debian GNU/Linux port for RISC-V 64-bits: Why it matters and roadmap

Netflix security engineers report several TCP networking vulnerabilities in FreeBSD and Linux kernels

Unity Editor will now officially support Linux