Approachable, low barrier documentation about "Fedora as a secure distribution"

(Just tagged any group that seemed applicable, feel free to change)


Security is a complicated, complex and ever changing topic.

It involves tons of mechanisms like restricted access controls, package testing, secure build environments, vulnerability reaction speed, implementation of secure new technoligies, … (and I recently learned also package maintenance :fearful: )

It is also a balance between “being unusable, so people turn it off” and “being too weak”. @dwalsh :wink:


Fedora has it’s principles

  • Freedom
  • Friends
  • Features
  • First

Keeping those 4, you can argue that it is not only Freedom or First, but this always involves checks, adaptions and changes to guarantee it’s security.

For example, staying close to upstream, but adding kernel hardening, Firefox hardening etc.

Current state

Apart from the image we may have (“of course is Fedora a secure distro”), what do external people really think to k?

Search results

When searching for “Fedora Linux Security” I find:

  1. The Security Lab (Which is for pentesting and analysis, not a “most secure Fedora Workstation”. The name is okay, but leads to this issue.)
  2. Wiki: Security features overview (in some subchapter on DuckDuckGo, last edit 2022, but very useful)
  3. That links to Security Basics which is a draft, and last edited 2016
  4. That also links to SELinux wiki, the latest Fedora version with documentation linked is F22
  5. Somewhere hidden in the docs, I find it hard to find: SELinux starting guide by @pboy
  6. “do your updates” (nice and easy, but applies to all distros)
  7. A random Discourse post
  8. xz vulnerability
  9. Fido2 guide
  10. The “Fedora Security Matrix” which stops at F34 and RHEL8
  11. awesome Fedora security by @34N0 (a list of mostly third party components, scripts and projects

So, there is a lot of really great documentation out there, but it is all over the place, sometimes outdated, etc. This is the rough order I found it, even though some things should be listed further up.

“Distro comparisons”

When searching for “Ubuntu vs. Fedora”, some dont mention Security. This strange site mentions Canonicals “security updates” multiple times. This one is way better, noting how unhardened Ubuntus defaults are, but using the word “paranoid”.

This one is a bit unspecific, but has a point.

Despite its focus on new technology, Fedora is also known for its stability and security. It is designed to be a reliable and secure platform for developers, system administrators, and enthusiasts.
[…] making it easy to keep the operating system up to date with the latest features and security patches.
Ubuntu’s popularity makes it a common target for cyberattacks, while Fedora’s smaller user base may make it less attractive to hackers.

Many more dont mention security at all.


I think it would be great to

  • integrate the documentation of at least big, architectural security implementations in Fedora into the workflows
  • put this somewhere visible. People need to be easily able to say “Fedora is a fresh, friendly and secure Distro. Security does not need to be obscure or unusable.”. This could be in Fedora Magazine, Fedora Wiki or the website.
  • strengthen the image of Fedora as a security-oriented Distribution for up-to-date, (but not yet stable) enterprise grade software.

This is not specifically about “Fedora/ Fedora Flatpaks/ Fedora Containers vs. X”. Keeping track of “the competition” is out of scope. But documenting the specific traits of this project can help building such a conclusion.

I also imagine that keeping documentation up to date is a big task. But the things I found are already great!

  • update them
  • put them somewhere visible (maybe a fedora magazine post, linking to these pages)

This is just a brainstorm post, what do you think about this?


Fedora has SELinux which is the most appealing reason for me to use it!

That’s about it though :stuck_out_tongue:

I like the tightness of software in default repos, but its notably limited compared to openSUSE’s defaults, and I have issue with RPM Fusion QA from that mesa-freeworld ordeal. Having to add repos adds risk.

I think this is a great idea! I do see a lot of privacy advocates online recommend Fedora as the most secure Linux distro before you hit Qubes, but in Fedora itself we don’t have those resources neatly packaged to be able to share. In some cases it’s because they’re just part of how Fedora is developed, like with the faster than most release cadence.

Maybe a good place to start covering this would be with a Fedora Magazine article or series? At least then you would have these resources listed under a Fedora branded site while having more flexibility than working in docs.

1 Like

Yes I also think a summary in Fedora magazine, explaining the basics, would reach a lot of people.

What are guidelines for linking in there? Should it have links everywhere, at the end, etc?

What do you mean by linking on the Fedora Magazine?

I’ll mention Privacy Guides because it mentioned Fedora first and seems to be a common place where users have their first contact with Fedora. The reason it’s mentioned first is because Fedora is perceived as having the strongest security out of the box.

There’s also this page:

They mention a bunch of security features they view as desirable or hard requirements.

Though that recommendation hasn’t been without dissent.

1 Like

Fedora Magazine is for shiny and reduced presentations, but for further info we could add links to such a magazine post, using the post as a collection of all the random locations that I discovered

1 Like