Vincenzo Ciaglia is the author and main developer of Netwosix, a GNU/Linux system aiming to become the best distro for those who work every day with computer networks and are interested in security.
After reading some posts on Slashdot and Linux World Magazine about this system, curiosity grew in me. So I decided to interview Vincenzo to get a more complete opinion on this GNU/Linux system. Happy reading!
Let’s start with an introduction. Tell us something about you…
Vincenzo Ciaglia: I am 19 years old and I study IT at the University of Salerno, with a specialty in “Computer Networks”. I’ve been a Linux user for more than 5 years and I use GNU/Linux both on my desktop PC and in a network environment. I have written for various Italian Linux magazines and at present I write security related articles for Linux-Magazine. I also manage a column for it called “Vulnerability News”. I like programming, in particular with C and Perl. I think they are two of the best programming languages available today.
How did you decide to create a new distro? Which distributions did the dev team use?
Vincenzo Ciaglia: The idea of creating a new distro was born thinking about the needs of a network admin working with GNU/Linux. I believe that a specialized distro, in our case with a focus on network use and security, should be minimal and equipped with the best software available. For this reason the first thing installed is a minimal base system, then the user can install other software that comes with the CD, choosing only the packages that he really needs. Using this approach we reduce the install time. In fact, a Netwosix system can be up and running in less than 5 minutes. [As for other distro] We sometimes work also with Debian and Slackware.
Is Netwosix derived from some already existing distro or is it built from scratch?
Vincenzo Ciaglia: The 1.x Branch is completely built from scratch. Branch 2.x, however, is partially based on Crux Linux, a lightweight and versatile distro, intended for desktop systems.
Which criteria does the dev team use in choosing packages to be included in the distro?
Vincenzo Ciaglia: We have no “criteria” as such. Usually we include every package used by experts in the field. We are open to include packages suggested by users if really useful. We try to satisfy everyone, when possible.
Are packages’ config files modified to increase system security, or are they the default config files?
Vincenzo Ciaglia: At the moment we use default config files but we’ll try our best to increase security in each package. I have thought about creating a remote management tool to control the entire system, à la EnGarde Secure Linux. I think this is the only thing missing before we become the best distro in this field.
Are packages signed with GnuPG? Does Nepote implement some kind of security system to guarantee package authenticity?
Vincenzo Ciaglia: Every package has its own MD5 checksum but we are working on a way to guarantee package authenticity. I hope to include this in the next release. That’s why we have released an RC; there is yet something to be adjusted and Nepote is the most likely culprit.
Will Xorg be included in the next release? Why?
Vincenzo Ciaglia: Not in the official CD but I suppose that in the near future we will port X.org to Nepote. This way, it’ll be much easier to install.
How do you justify the use of extremely new kernels? Does the included kernel come from linux.org, or is it a security-patched kernel?
Vincenzo Ciaglia: When I released the 1.x version of Netwosix with a 2.6 kernel everyone said I was crazy. It was the first distro shipping this kernel. Other distributions started using it only a couple of months later. So, I’m not so crazy. 126.96.36.199 satisfies me also in a network environment, so I don’t see any reason to not use it. In the future, though, we could let the user choose: a 2.6.x kernel or a 2.4.x kernel. We’ll see.
At the moment we use a vanilla kernel but, as for the rest of the distro, we will work on kernel patches to increase system security.
Are two persons enough to manage the development of a security oriented distro?
Vincenzo Ciaglia: For now, two persons are enough. We hope to have more people involved in the project in the future. This morning (2006-01-03) one guy has offered to help with the project’s web site restyling. I take this opportunity to invite your readers to try Netwosix and help us with development.
Which services are active by default, at the end of the install process?
Vincenzo Ciaglia: None, to allow the user the greatest possible level of system customization. I am a little paranoid on this aspect, and it shows!
Is Netwosix ready for production systems?
Vincenzo Ciaglia: Yes, I think so. With the passing of time I hope the project will mature ever more and will offer a distro ready for any kind of production system.
5 reasons why a user should start using Netwosix?
Vincenzo Ciaglia: Security by default, simple design, stability, customization and a lightweight installation.
Isn’t OpenBSD already very secure? What more does Netwosix offer in this respect?
Vincenzo Ciaglia: I have always appreciated OpenBSD for its security orientation. To answer this question, I could speak about the ethics that ties a user to a Linux kernel. Netwosix is a good alternative to OpenBSD for this reason … and it is simpler to install. With the next releases we will try to get nearer to the OpenBSD model, but using our dear, old Linux kernel.
5 ideas for future Netwosix developments
Vincenzo Ciaglia: Creation of a remote management tool, increasing of the portage tree with 300/400 packages, fostering a great virtual community of Netwosix users, better package security with non-default options and keeping up the hard work done up to now.
Thank you. Keep up the good work!
Vincenzo Ciaglia: Thank you