
Solus: focusing on desktop Linux

By Jonathan Corbet
March 2, 2016
The often-predicted (if only in jest) year of the Linux desktop has long since been written off as an illusion by much of our community. But it seems that predictions of the death of the Linux desktop (or of desktop computing in general) are also somewhat premature; developers continue to work on desktop environments and users remain interested in that work. The Solus Project produces a strongly desktop-focused distribution; the March 2 release of Solus 1.1 Shannon provides a good opportunity to look at what this group has been up to.

Many new distributions start with an existing project and extend it; Solus has not chosen to take that path. Instead, it is a new distribution built from the beginning with, naturally, its own package-management system and package format. As the "Why Solus?" page asserts: "We don’t need to patch or work around the work of others, we deliver one well designed unit to our end users." This work is focused exclusively on the desktop experience, with no interest in catering to other use cases; "if you’re thinking about running a Solus server, forget about it."

Running Solus

The project's download page offers a single ISO image for x86-64 systems; other architectures are not supported. Users with UEFI secure boot enabled will also discover that the Solus developers have not included secure boot support; it must be disabled before the installation image can run. Once that is done, the result is a fairly typical live system running directly from the installation media, with the option to install (via a typical, multi-step process) onto a local drive.

Solus is based on GNOME 3 components, so it's not surprising that the resulting system looks and feels a lot like a normal GNOME 3 desktop, with some obvious tweaks. Initially the user gets an empty screen, with the usual dark panel at the top. The Solus developers have moved away from the GNOME Shell, though, replacing it with a system called Budgie. The first thing a GNOME user is likely to notice is that Budgie dispenses with the active upper-left corner used by GNOME Shell; those of us who find the active corner to be, even after years, a daily inspiration for loud profanity, will not miss it.

Clicking on the circular icon found at the left end of the panel results in a hierarchical application menu with a search bar. Finding applications is easy enough; clicking on an application will always result in a new window appearing. Budgie does not retain GNOME Shell's (also profanity-inspiring) practice of taking the user to a random, existing window if the selected application is already running. The application menu remembers recent choices, so, once the user has found out how to get a terminal, that option is readily at hand. There does not appear to be a way to explicitly wire "favorite" applications into the top-level menu.

The applications themselves are mostly what one would expect from a GNOME-based system: gnome-terminal, Firefox, Thunderbird, RhythmBox, etc. VLC is installed as well; the Solus project makes a point of installing the necessary codecs to play popular media formats, apparently without the worries that can keep such software out of other distributions. There is a settings application that looks suspiciously like the GNOME equivalent, but with the icons replaced.

Software is managed through a separate application, which can also look for and install updates. The number of packages is somewhat limited, apparently by the choice of the Solus developers. Their stated intent is to produce a focused distribution where all of the pieces work together rather than supporting the largest possible list of packages. The software shipped in the 1.1 release is current as of this writing (4.4.3 kernel, for example). There is no build number as part of the package version numbers; that suggests that, once a given package is built, no new builds for that particular version will be done. Among other things, that implies that backporting of fixes is not done.

Clicking on the right end of the panel will produce a dropdown menu in typical GNOME fashion, but the Solus developers have made some changes here as well, calling the result "Raven." The calendar has moved into this window; there are also audio controls and the ability to tweak the desktop's theme or add a small set of applets to the panel. A separate tab in this window contains a list of recent notifications.

Budgie supports multiple workspaces, but does not seem to emphasize them; one has to dig to find the "workspace switcher" applet deep within the Raven window. There is no obvious way to move windows between workspaces.

Security

Anybody contemplating using a Linux distribution is well advised to look hard at its security practices. Unless a system is never connected to the net, it will be exposed to threats, and it will turn out to have vulnerabilities. Distributions that are not managed with security in mind will end up leaving their users vulnerable, sooner or later.

The available evidence suggests that Solus is not, at this point, as serious about security as one would like. The project has announced that it is signing its releases — but that practice only started in late February. Better late than never, but it would have been better yet if they had thought of this some time ago.

If there is any sort of mechanism for the signing of individual Solus packages (and verifying those signatures), it is not mentioned anywhere in the documentation.

The Solus project does not issue security advisories, so there is no way to know which vulnerabilities exist in the distribution or whether they have been fixed. Like rolling-release distributions, Solus seems to depend on the practice of installing just-released software as a way of patching vulnerabilities. The project does seem to be good at staying on that leading edge; the 4.4.3 kernel, for example, only came out five days before the Solus 1.1 release, and the distribution has the DROWN-proof OpenSSL 1.0.2g release, which was one day old at the time of the Solus release.

But throwing new packages into the repository is an incomplete security policy at best. If the distribution's developers are not tracking vulnerabilities in the software they ship, they have no way of knowing how secure their distribution is. Users will have even less of an idea, of course. One might argue that Solus is young and still trying to find its feet, and that argument is not without merit. But, if the Solus developers are serious about providing a top-quality Linux desktop experience, they are going to need to make security an explicit part of their strategy.

To summarize, what Solus seems to offer is a new attempt at creating a distribution with an exclusive focus on the needs of desktop users. Much work has been done to pare the distribution down to what the developers think those users need and to make it work as well as possible. The result is indeed a nice desktop distribution, even if its relative lack of maturity shows through in places. One can only wish the Solus developers luck as they seek to revitalize the development of desktop Linux.



Solus: focusing on desktop Linux

Posted Mar 3, 2016 4:19 UTC (Thu) by mcatanzaro (subscriber, #93033) [Link] (1 responses)

https://github.com/haneefmubarak/repository/blob/master/A... is a thing that exists, so I suspect that at least SOME security updates are occurring, though I don't know how to explain the lack of package revision numbers.

It's concerning that it's a one-man show with no security advisories, but that's par for the course for small distros.

Solus: focusing on desktop Linux

Posted Mar 3, 2016 11:38 UTC (Thu) by ikey (guest, #107452) [Link]

The linked repository is not part of the official Solus Project.

We employ cve-check-tool, the successor to the linked, ancient script, as part of our Continuous Security Integration practices.
I also happen to be the author of that tool: https://github.com/ikeydoherty/cve-check-tool

I'm confused about the comment saying there are no package revision numbers. For example, the package openssl:

Name : openssl, version: 1.0.2g, release: 17

This is found using the command "eopkg info openssl".

Our infrastructure can be found in two main places, our git repo:
https://git.solus-project.com/

And our build site:
https://build.solus-project.com/

All builds are first created for our unstable repository: https://packages.solus-project.com/unstable/
Once validated they find themselves back in the main 'shannon' repository: https://packages.solus-project.com/shannon/

The repositories are managed by a tool called 'binman' which, similar to other tools in this field, provides git-like commands to
allow managing repos, branching, cloning, pulling from one into another, etc, through hard-linking policies and automatic
delta/pool management.

An example of making security changes to a package, in this case, qemu:
https://git.solus-project.com/packages/qemu/commit/?id=76...

This is version 2.5.0, release 8, which is stored as an immutable tag in the git history, which is then checked out by our build system
and only this tag is built and published into unstable:

https://git.solus-project.com/packages/qemu/commit/?h=qem...

Also of note, where possible we build with full relro, except in a very rare set of cases (i.e. xorg display drivers which will fail with undefined symbols, known issue in all distributions).

For reference, our CFLAGS are:
-mtune=generic -march=x86-64 -g2 -O2 -pipe -fPIC -Wformat -Wformat-security -fomit-frame-pointer -fstack-protector-strong --param ssp-buffer-size=4 -fexceptions -D_FORTIFY_SOURCE=2 -feliminate-unused-debug-types -Wno-error

And our ld flags are:
-Wl,--copy-dt-needed-entries -Wl,-O1 -Wl,-z,relro -Wl,-z,now

In some places these CFLAGS are supplemented to accommodate further optimisations, and we store and analyse our build logs, which can be accessed by clicking the latest builds on the build landing page.

All of our binary eopkgs are compressed internally using xz with an equivalent compression ratio to 'xz -6'.

To update a Solus installation (and there have been some updates already since 1.1) you can either use the graphical interface that is by default pinned to the Budgie Panel, or you can simply issue:

sudo eopkg up

(Note you can pass '-n' - which is the equivalent of a "dry run", and it will tell you what operations are pending)
I hope this comment clarifies some things :)


Copyright © 2016, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds