Please note that views expressed in this post (and this blog in general) are only my own and not of my employer.

Dear opensuse planet, dear fedora planet, dear fediverse, dear colleagues,

Soon, the EU OS project celebrates its first anniversary. I want to seize the occasion (and your attention) before the Christmas holidays to share my personal view on the choice of the Linux distribution as a basis for EU OS. EU OS is so far a community-led initiative to offer a template solution for Linux on the Desktop deployments in corporate settings, specifically in the public sector.

Only few weeks ago, the EU OS collaborators tested together a fully functional Proof of Concept (PoC) with automatic provisioning of laptops and central user management. The documentation of this setup is to 90% complete and should be finalized in the coming weeks. This PoC relies on Fedora, which is the one aspect that triggered the most attention and criticism so far.

I recall that EU OS has so far no funding and only few contributors. Please check out the project Gitlab, join the Matrix channel, or send me an email to help or discuss funding. So in my view, EU OS can currently accomplish its mission best by bringing communities and organisations together to use their existing resources more strategically than now.

In 2025, digital sovereignty was much discussed in Europe. I had many opportunities to discuss EU OS with IT experts in the public sector. I am hopeful that eventually one or several European projects will emerge to bring Linux on the (public sector) Desktop more systematically as it is currently the case.

I also learnt more about public sector requirements for Linux on the server, in the VM, in Kubernetes. If the goal of EU OS is to leverage synergies with Cloud Native Computing technologies, those requirements must be considered as well by the Linux distribution powering EU OS.

Linux Use in the Public Sector

Let us map out briefly the obvious use cases of Linux in a public sector organisation, such as a ministry, a court, or the administration of a city/region. The focus is on uses that are directly managed¹.

• Linux on the desktop (rarely the case today, but that’s the ambition of the EU OS project)
• Linux in a Virtual Machine (VM), a Docker/Podman Container, and for EU OS in a Flatpak Runtime
• Linux on the server (including for Virtualisation/Kubernetes nodes)

Criteria for a Linux Distribution in the Public Sector

Given the exchanges I had so far, I would propose the following high-level criteria for the selection of a Linux Distribution:

Battle-tested Robustness

The public sector is very conservative and any change to the status-quo requires clear unique benefits.

Cloud Native Technology

The public sector reacted so far very positively to the promises of bootc technology (bootc in the EU OS FAQ). It is very recent technology, but the benefits for the management of Linux laptop fleets with teams knowing already container technology are recognised.

Enterprise Support

The public sector wants commercial support for a free Linux with an easy upgrade path to a managed enterprise Linux. Already existing companies, new companies, the public sector, or non-profit foundations could deliver such enterprise Linux. I expect that a mix with clear task allocations would work best in practice.

Enterprise Tools

The public sector needs tools for provisioning, configuration and monitoring of servers, VMs, Docker/Podman Containers, and laptops as well as for the management of users. Those tools must scale up to some ten thousands laptops/users. The EU OS project proposes to rely on FreeIPA for identity management and Foreman for Linux laptop fleet management.

Third-Party Support

The public sector wants that their existing possibly proprietary or legacy third-party hardware² or appliances (think SAP) remain supported. This one is tricky, because it is each third party that decides what they support. Of course, any third-party vendor lock-in should be avoided eventually, but this takes time and some vendor lock-ins are less problematic than others.

Supply Chain Security and Consistency

The public sector must secure its supply chains. This becomes generally easier with less chains to secure. A Linux desktop based on Fedora and KDE requires about 1200 Source RPM packages³. A Linux server based on Fedora requires about 300 Source RPM packages. The flatpak runtime org.fedoraproject.KDE6Platform/x86_64/f43 requires about 100 Source RPM packages. I assume the numbers for Ubuntu/Debian/openSUSE are similar. So instead of securing all supply chains independently (possibly through outsourcing), the public sector can choose one, secure this one, and cover several use cases with the same packages at no or significant less extra effort. Also updates, testing, and certifications of those packages would benefit then all use cases.

Accreditation and Certifications

Some public sector organisations require a high level of compliance with cyber security, data protection, accessibility, records keeping, interoperability, etc. The more often a (similar) Linux distribution has passed such tests, the easier it should get.

Forward-looking Sovereignty and Sustainability

The public sector wants to work with stable vendors in stable jurisdictions that minimise the likelihood to interfere with the execution of its public mandate⁴. Companies can change ownership and jurisdiction. While not a bullet-proof solution, a multi-stakeholder non-profit organisation can offer more stability and alignment with public sector mandates. Such an organisation must then receive the resources to execute its mandate continuously over several years or decades. With several independent stakeholders, public tenders become more competitive and as such more meaningful (compare with procurement of Microsoft Windows 11).

Geographical Dimension

I have the impression that some governments would like to choose a Linux distribution that (a) local IT companies can support and (b) creates jobs in their country or region. In my view the only chance to offer such advantage while maintaining synergies across borders is to find a Linux distribution supported by IT companies active in many countries and regions.

While the project EU OS has EU in its name, I would be in favour to not stop at EU borders when looking for partners and synergies. It has already inspired MxOS in Mexico. Then, think of international organisations like OSCE, Council of Europe, OECD, CERN, UN (WHO, UNICEF, WFP, ICJ), ICC, Red Cross, Doctors Without Borders (MSF), etc. Also think of NATO. Those organisations are active in the EU, in Europe and in most other countries of the world. So if EU OS can rely on and stimulate investments in a Linux distribution that is truly an international project, international organisations would benefit likewise while upholding their mandated neutrality.

Diversity of Linux Distributions for EU OS

Douglas DeMaio (working for SUSE doing openSUSE community management) argues in his blog post from March 2025: Freedom Does Not Come From One Vendor. The motto of the European Union is ‘United in Diversity’. Diversity and decentralisation make systems more robust. However, when I see the small scale of on-going pilots, I find that as of December 2025, it is better to unify projects and choose one single Linux distribution to start with and progress quickly. EU OS proposes to achieve immutability with bootable containers (bootc). This is a cross-distribution technology under the umbrella of the Cloud Native Computing Foundation that makes switching Linux distributions later easier. Other Linux distributions could meanwhile implement bootc, FreeIPA, as well as Foreman support, and setup/grow their multi-stakeholder non-profit organisation, possibly with support of public funds they applied for.

The extend to which more Linux distributions in the public sector provide indeed more security requires an in-depth study. For example, consider the xz backdoor from 2024 (CVE-2024-3094).

Vendor	Status
Redhat/Fedora/AlmaLinux	Fedora Rawhide and 40 beta affected, RHEL and Almalinux unaffacted
SUSE/openSUSE	openSUSE Tumbleweed and MicroOS affected, SUSE Linux Enterprise unaffected
Debian	Debian testing and unstable affected
Kali Linux	Kali Linux affected
ArchLinux	unaffected
NixOS	affected and unaffected, slow to roll out updates

Early adopters would have caught the vulnerability independently of the Linux distribution (except ArchLinux 👏). Larger distributions can possibly afford more testing. Older distributions with older build systems are more likely to offer tarball support (essential for the xz backdoor) as back then git was not yet around. To avert such supply chain attacks, implementing supply-chain hardening (e.g. SLSA Level 3) consistently is certainly important and diversification of distributions or supply chains makes it harder first.

Comparison of Linux Distributions

In the comparison here, I focus on Debian/Ubuntu, Fedora/RHEL/AlmaLinux and openSUSE/SUSE, because they are beyond doubt battle tested with many users in corporate environments already. They are also commonly supported by third parties. Note that I don’t list criteria for which all distributions perform equally.

Criterion	Debian/Ubuntu	Fedora/RHEL	AlmaLinux	openSUSE/SUSE
bootc	🟨 not yet	✅ yes	✅ yes	🟨 not yet (but Kalpa unstable and Aeon RC with snapshots)
Flatpak app support	✅ yes	✅ yes	✅ yes	✅ yes
Flatpak apps from own sources	❌ no	✅ yes	🟨 not yet, but adaptable from Fedora	❌ no
FreeIPA server for user management	✅ yes	✅ yes	✅ yes	❌ no5
Proxmox server for VMs	✅ yes	❌ no	❌ no	❌ no
Foreman server for laptop management	✅ yes	✅ yes	✅ yes	❌ no6
Non-Profit Foundation	✅ yes (US 🇺🇸 and France 🇫🇷)	❌ no	✅ yes (US 🇺🇸)	❌ no
3rd-party download mirrors in the EU	ca. 1507	ca. 1008	ca. 2009	ca. 5010
3rd-party download mirrors worldwide	ca. 3507	ca. 3258	ca. 3509	ca. 12510
Github Topics per distribution name	ca. 17150 (6344+10803)	ca. 2500 (1,943+478)	ca. 150	ca. 550 (362+172)
world-wide adopted (based on mirrors)	✅ yes	✅ yes	✅ yes	🟨 not as much
annual revenue of backing company	ca. 300m$	ca. 4500m$	only donations	ca. 700m$
employees world-wide of backing company	ca. 1k	ca. 20k 11	< 500 (including CloudLinux)	ca. 2.5k12
employees in Europe of backing company	≤ 1k	ca. 4.5k	< 500 (including CloudLinux)	≤ 2.5k
SAP-supported13 🙄	❌ no	✅ yes	🟨 RHEL-compatible	✅ yes

I find it extremely difficult to find reliable public numbers on employees, revenues and donations. I list here what I was able to find in the Internet, because I think it helps to quantify the popularity of the enterprise Linux distribution in corporate settings. Numbers for Debian are not very expressive due to the many companies othen than Ubuntu involved. Let me know if you find better numbers.

Other than company figures, also the number of search queries (Google Trends) given an impression on the popularity of Linux distributions. Find here below the graph for the community Linux distributions as of December 2025.

Google Trends for Debian, Fedora and openSUSE worldwide 2025 (Source)

Conclusions as of December 2025

Obviously, it is challenging to propose comprehensive criteria and relevant metrics to compare Linux distributions for corporate environments for their suitability as base distribution for a project like EU OS. This blog post does not replace a more thorough study. It offers however some interesting insights to inform possible next steps.

1. Debian is a multi-stakeholder non-profit organisation with legal entities in several jurisdictions. Unfortunately, its bootc support is in an early stage only and it lacks support for some third-party software vendors such as SAP. For corporate environments, Debian does not offer alternatives to FreeIPA and Foreman, which work best for Fedora/RHEL/AlmaLinux, but also support Debian.
2. Fedora is in this comparison the 2nd largest community in terms of mirrors and Github repositories. Fedora has no legal entity independent from its main sponsor RHEL. However, AlmaLinux is a multi-stakeholder non-profit organisation, albeit very US-centered. With RHEL front running Linux in enterprise deployments for several years, most use cases are covered, including building Flatpak apps from Fedora sources. Fedora downstream distributions with bootc (ublue, Bazzite, Kinoite) run already on tens of thousands systems including in the EU public sector.
3. openSUSE has most success in German-speaking countries and the US (possibly driven by SAP). Internationally, it is significantly less popular. openSUSE has no legal entity independent from its main sponsor SUSE registered in Luxembourg and headquartered in Germany. For corporate environments, openSUSE does not offer alternatives to FreeIPA and Foreman, which support openSUSE only as clients. While Uyuni⁶ offers infrastructure/configuration management, it remains unclear if it can replace Foreman for managing fleets of laptops. openSUSE’s bootc support is in an early stage only.

No Linux distribution fulfills all the criteria. Independently of the distribution, corporate environments would rely on FreeIPA, Foreman, Keycloak, podman, systemd, etc. that Red Hat sponsors. Debian is promising, but its work to support bootc is not receiving much attention. AlmaLinux is promising, but would need to proof its independence from politics yet as it is a fairly new project (1st release in 2021) and doubts remain on its capacity to support Fedora (as Red Hat does) in the long run. Microsoft blogged this week about their increasing contributions to Fedora. Maybe European and non-European companies can step up likewise in 2026, so that Fedora can become a multi-stakeholder non-profit organisation similar to AlmaLinux today.

Community Talk at Fosdem

My 30 min talk on this topic has been accepted at the community conference fosdem 2026 in Brussels, Belgium! Please consider to join if you are at fosdem and let me know your thoughts and questions. The organisers have not yet allocated timeslots yet, but I believe it will take place on Saturday, 31st January 2026.

Talk title

EU OS: learnings from 1 year advocating for a common Desktop Linux for the public sector

Track title

Building Europe’s Public Digital Infrastructure

All the best,
Robert

Dear Tumbleweed users and hackers,

The year is slowly coming to an end, and there are only a few days left in 2025. Naturally, in this period, things tend to slow down a bit. People start preparing to see their loved ones, take a vacation, or generally take time off from the online world. What does that mean for Tumbleweed? The good news: nothing. Tumbleweed keeps rolling; just some days will see slower response times, and requests might linger a bit longer. The process remains unchanged, though: unless openQA confirms the quality of a snapshot, we will prefer to hold a snapshot back in the absence of developers being able to validate its impact. I’m sure that’s in everybody’s best interest.

During the last week, we have been able to publish 4 snapshots (1212, 1215, 1216, and 1217), containing these changes:

• Bash 5.3.9
• KDE Gear 25.12.0
• Linux kernel 6.18.1
• Qemu 10.1.3
• KDE Frameworks 6.21.0
• LLVM 21.1.7
• Samba 4.23.4
• Changed the default for Node.js to version 24
• Rust 1.92

As mentioned, the number of requests are getting a bit lower, but there are still things in the queue being handled at the moment. Most notably, these changes:

• Ruby 3.4.8
• PHP 8.4.15 & 8.4.16
• Mozilla Firefox 146.0.1
• Linux kernel 6.18.2
• Enablement of Python 3.14 modules, while removing Python 3.12. This simple we would provide python 3.11, 3.13 (default) and 3.14
• Ruby 4.0: early testing in staging. So far, this looks all good
• Removal of LUA 5.1

Recently, one of our power users contributed OpenSearch data streams support to syslog-ng, which reminded me to also do some minimal testing on the latest OpenSearch release with syslog-ng. TL;DR: both worked just fine.

Read more at https://www.syslog-ng.com/community/b/blog/posts/using-opensearch-data-streams-in-syslog-ng

With all of the different Linux kerenl stable releases happening (at least 1 stable branch and multiple longterm branches are active at any one point in time), keeping track of what commits are already applied to what branch, and what branch specific fixes should be applied to, can quickly get to be a very complex task if you attempt to do this manually. So I’ve created some tools to help make my life easier when doing the stable kerrnel maintenance work, which ended up making the work of tracking CVEs much simpler to manage in an automated way.

Home made venison goulash with red cabbage and dumplings as family dinner for my mother’s 80th birthday.

Dear Tumbleweed users and hackers,

Hackweek was a blazing success, and many fun projects have been showcased at https://hackweek.opensuse.org. This week has seen Tumbleweed return to its old, boring, always-rolling self, with 4 solid snapshots published this week (1204, 1205, 1210, and 1211)

The most relevant changes contained in these snapshots were:

• Mozilla Firefox 145.0.2 & 146.0
• SDL 3.2.28
• Bash 5.3.8
• Linux kernel 6.18.0
• Postgresql 18.1
• SQLite 3.51.1
• Mesa 25.3.1
• Alsa 1.2.15 (including regression patches, as stock 1.2.15 showed issues in openQA)
• Apache 2.4.66
• GStreamer 1.26.9
• KDE Plasma 6.5.4

Currently, we have received and are testing these changes:

• KDE Gear 25.12.0
• Switch to Node.js 24 by default (current default is Node.js 22)
• Ruby 4.0: early testing in staging. So far, this looks all good
• Removal of LUA 5.1

Organizers of the openSUSE America Summit have opened the call for presentations for the 2026 event.

We are inviting contributors across the globe and the Americas to submit talks or workshops for the event, which is scheduled to take place April 29 - 30 at CUC University in Barranquilla, Colombia.

The event is being organized by Astian Inc. with support from the local LinuxBQ community and CUC University. The location features a main auditorium of seating for 300 to 350 people, workshop rooms and a cybersecurity lab designed for hands-on training.

The submission runs from now through March 1, 2026. Proposals are being accepted for 30-minute talks, 15-minute short talks and one-hour workshops.

The program will focus on open-source software and people can register today.

More details about the schedule, recommended lodging and travel information are expected to be announced in the coming weeks.

Envíe una Presentación para el openSUSE America Summit

Los organizadores del openSUSE America Summit han abierto oficialmente la convocatoria de presentaciones para el evento de 2026.

Invitamos a colaboradores de todo el mundo y del continente americano a enviar propuestas de charlas o talleres para el encuentro, que se llevará a cabo del 29 al 30 de abril en la Universidad CUC, en Barranquilla, Colombia.

El evento está siendo organizado por Astian Inc., con el apoyo de la comunidad local LinuxBQ y de la Universidad CUC. La sede cuenta con un auditorio principal con capacidad para entre 300 y 350 personas, salas de talleres y un laboratorio de ciberseguridad diseñado para sesiones prácticas.

El periodo de presentación de propuestas estará abierto desde hoy hasta el 1 de marzo de 2026. Se aceptan propuestas para charlas de 30 minutos, charlas breves de 15 minutos y talleres de una hora.

After upgrading openSUSE to the latest 16.0 version and restarting the machine, the cursor stopped blinking as it was waiting forever for something that would never be loaded. It is something that might scare even the oldest user, but with a little bit of discernment, things can be quickly fixed.

The openSUSE community will celebrate the 6-year anniversary of the openSUSE Bar on Dec. 19 starting at 13:00 UTC. Join people in the bar and celebrate this social space where open-source enthusiasts, developers and like-minded people come together to discuss open source and more.

The openSUSE Bar has become more than just a meeting place over the years; it’s a space to collaborate, connect and enjoy a welcoming atmosphere for sharing ideas and tech knowledge. The bar has hosted countless informal meetups and networking moments, celebrated openSUSE milestones, and serves as a familiar gathering point for openSUSE fans across the globe.

Community members are invited to join the celebration and share memories or stories of experiences as a part of the project.

Those interested in the origins of the openSUSE Bar can watch a video about the beginning of the openSUSE Bar from a talk at openSUSE Conference 2022.

The December syslog-ng newsletter is now on-line:

• File size-based log rotation in syslog-ng
• Syslog-ng release packages for RHEL & Co.
• Nightly syslog-ng RPM packages for RHEL & Co.

It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-12-logrotation-release-rpm-nightly-rpm