Linus Torvalds speaks at Open Source Summit 2022 event
At today’s Open Source Summit event, Torvalds reunited with old friend Dirk Hohndel (CEO of the Cardano Foundation) to chat about everything from open source security to new technologies and the impact of the pandemic on Linux development.
Torvalds noted that COVID-19 has undoubtedly had a negative impact on many in the Linux community, but things haven’t gone bad for long.
In the first few months of strict epidemic prevention, the productivity of Linux developers has increased. After all, they are used to email communication, and most of them have adopted the way of working from home.
Second, Linux kernel development has remained relatively unchanged for the past 15 years. In 2005, Torvalds created the open-source Git version control system to help enable faster, more optimized development methods.
Over the years, Git has become a major driver of various open source development projects and powers services such as the open source code hosting platform GitHub.
Linux kernel development has been uneventful in the sense that we have a consistent process and release schedule.
We want to have a stable process so people don’t get upset about all the infrastructure changes.
What’s more, after working on Linux for over 30 years, Torvalds is amazed and delighted by the constant flow of new things in the kernel, and a lot of innovation, despite the somewhat tedious and largely predictable development process.
One of the big recent changes to Linux is the introduction of code developed in the open-source Rust programming language. Torvalds’ remarks — “Rust may be included in the next Linux kernel release” — drew a huge round of applause at the conference.
Linux kernel code is mostly written in C, but Rust is able to better utilize and protect the computer’s memory resources. Initially, though, the Linux kernel will only test the waters of Rust in a fairly limited way.
Torvalds reminded the audience that 25 years ago, he tried to fix the Linux kernel in C++, but it ended in failure.
In addition, Torvalds thinks it’s better to take it easy for some new and interesting things that technicians want to try.
Then the topic turned to the open source security that everyone has been paying attention to recently. The Open Source Software Foundation (OpenSSF) of the Linux Foundation said earlier that they will spend $150 million to protect the security of open source software.
A report this morning pointed out that there is still a lack of confidence in the overall security of open source. In this regard, Torvalds does not expect that open source software, including the Linux kernel, will always be 100% secure and bug-free.
Errors are always inevitable, and if they don’t occur at the hardware level, there is a high probability that they will occur at the software level.
Even if your own software performs well, other people’s software may not.
The only way to get adequate protection is to build a security layer.
Torvalds emphasized that the Linux kernel is just one layer of the overall application stack. At the bottom of the kernel, different parts of the process already have multiple layers of security.
For developers building entire application stacks, each layer in the battle needs to have some concept – what if there is a security hole? And if there are loopholes in the upper and lower layers of the application code, how can they be remedied?
Anyone who thinks they can get 100% security is living in some world of their dreams, but reality isn’t quite what you want it to be.