What's the future of Linux distributions? Containers, npm, linuxbrew, snaps join their friends container-optimized Linux and minimal distro images and make the future of APT and RPM a little bit... cloudy. How are open source software delivery and package management changing, where are distributions going, and what does it mean for Linux system administrators?
Originally presented at Texas LinuxFest 2019 in Irving, TX
The Future of
José Miguel Parrella
Tensions are more
Attributes of a
From distributing software...
Kernel & firmware
apt + fwupd
curl | sh
Mix of packages
...to distributing state
• Linux ended up everywhere
• New forms of Linux
• The network became faster and more
• We changed how we look at distributed
• It became harder to always represent
state as a file
• Pets gave way to cattle
Kernel & firmware
It's been getting specialized!
• Library managers
• From CPAN and PyPI to NPM and
• Next-gen package management
• Container image specification,
Helm charts/CNAB & registries
• Use cases where provenance
is controlled by final distributor
Ecosystem     Debian   Upstream   Coverage
Ruby          1100     9300       11.83%
Perl          3700     31000      11.94%
Python        3700     118000     3.14%
Node.js       1300     350000     0.37%
All-up libs   30K      2.8M       1.07%
Docker Hub    ?        2.3M       N/A
              ~0       ?          ~0
Source: libraries.io, APT lists, Docker Hub (2018)
we trying to
• Push the packaging responsibility upstream?
• Be able to distribute non-free software more
effectively and/or monetize?
• Provide additional container and application
• Reduce the size of a Linux distribution?
• Make it easier to package for Linux by removing
• Immutable, composable and reproducible
• Support cloud distribution models?
• Make the software experience easier and
better for Linux desktop users?
Package managers Associated distros (if applicable)
• Atomic unit of software distribution (snap,
• What the unit actually is (tarred source,
• What the unit metadata describes
(dependencies, origin, checksums, etc.)
• Where the unit comes from (repository
• Core repository concepts (e.g., channels,
governance, login, proprietary software, etc.)
• How are updates delivered?
• What’s the isolation/sandboxing story?
• Universe (size) and type of apps
• How packages are built (developer tooling)
• Source vs. binary, binary caches, etc.
• Any components of the system not managed as a
• Upgrade/rollback strategy (e.g., dual partitions
• What software is available (e.g., in bundles) and
• What versions of said software? How is
• Is it a rolling release?
• How are end users expected to bring their
• How system state is described (e.g., version
hashes, all-up system release numbers)
• Coexistence with other packaging systems
• How is package provenance validated?
What type of software is available? How is it distributed? Who seems to be gravitating towards it?
What else do
• Rich dependencies/metadata
• Ability to automate operations (particularly
• Ability to compose from multiple repositories
• Signatures and other mechanisms to prevent
o Mixing multiple release cadences
o Distributing multiple kinds of artifacts
o Source provenance/supply chain security
SW supply chain
Identity and fingerprinting
• Slides posted to Speaker Deck
• Find me on Twitter and GitHub: @bureado
• Web: www.jmp.soy
• See you tonight at Lightning Talks!
Name Atomic unit
Isolation Runtimes Core value prop Use case focus Related Depends
Snap Snap(squashfs) Stores
Proprietary apps and
Nix Paths Nixpkgs 6,500
None (other than
Atomic upgrades and
Guix Paths Hydra 7,660
None (other than
Ease of use
Universal GuixSD Guile
) to 380
Optional via firejail N/A 1 app = 1 file Desktop applications Firejail N/A
swupd Bundles Repos 180 N/A
in the cloud
Helm Charts Hub 280 Kubernetes pods N/A
Data, Dev Tools CNAB K8S