[cgl_discussion] A concept/framework not a distribution ?

Mico Naddeo mico at nortel.com
Tue Mar 20 07:00:13 PDT 2007


I understand that you are not familiar with the term distribution so let
me explain this. A distribution is a set of linux software tested and
validated to a linux kernel. It is then productized by the
"distributor". A distribution is also a set of software aimed at
different users (desktop, server, education, etc) so the software
included per individual distribution will vary. The distributor (in your
case the telecom vendor) is resposible for maintaining the included
software and releasing patches for this. They may develop their own
patches or use community developed patches.
The fact that they adhere to the CGL requirements provides only the
guarantee that their implementation meets certain standards. It does not
say anything on how fast patches are released etc.

See this wiki link for more explanation of a distribution:

Hope this helps.



-----Original Message-----
From: hwoehle at arcor.de [mailto:hwoehle at arcor.de] 
Sent: Friday, March 16, 2007 08:20
To: cgl_discussion at lists.osdl.org
Subject: [cgl_discussion] A concept/framework not a distribution ?

Let me first introduce myself:
I am Manager for Information Security and Data Protection/Privacy at a
Telco in Germany.

An outfitter of some of our new VoIP Equipment answered to my question
about system-Security and hardening, that i must not be worried about it
why they are using Carrier-Grade-Linux and it is high-secure by design.
I search along the internet and googled a little about CGL and came to
the conclusion, that CGL is not a distribution but a framework or better
a sum of requirements a distribution have to meet to be a
And so the security part have to be done from the "distribution"
Can some untangle that for me ?

With kind regards

More information about the cgl_discussion mailing list