On 11/12/20 9:49 AM, Johnny Hughes wrote:
On 11/12/20 8:14 AM, Pablo Sebastián Greco wrote:
On 12/11/20 10:41, Simon Matter wrote:
On 11/12/20 4:23 AM, Sandro Bonazzola wrote:
Il giorno mer 11 nov 2020 alle ore 15:31 Johnny Hughes <johnny@centos.org mailto:johnny@centos.org> ha scritto:
On 11/9/20 11:39 PM, Satish Patel wrote: > Folks, > > Redhat has released RHEL 8.3 for the general public last week so > curious when CentOS 8.3 is coming out for the public? >
As always .. it will come out when it is done.
We have no idea how long that will take until we finish it .. them we'll know.
Thanks for your hard work on this. Just a question on the technical side: weren't CentOS 8.3 packages already built once for CentOS Stream in the past? It should reduce the amount of packages to be rebuilt right?
For most of them, yes. Some are new. Should be faster than in the past.
While we are at it, I was always wondering about reproducible builds. From what I understand RHEL is not reproducible, otherwise most packages of CentOS should be identical with the RedHat packages, right?
Right, RHEL is not reproducible, but even if it were, nothing indicates that CentOS builds should be identical for different reasons
- RHEL sort of accumulates builds and then dumps them for point
release, so we have no way to replicate the exact environment in which the build was produced. 2) Debranding, some of our debranding might affect things
Wouldn't it be a security improvement if RHEL builds were 100% reproducible? Or do I miss something here?
You're not missing anything, it would be a big security improvement, not enough, but still much better.
It also depends on what you mean reproducible.
But no .. CentOS has never been the same as RHEL. There are 2 separate closed build systems and always have been.
The closed CentOS build system gets RELEASED content only. The close Red Hat build system can have many iterations of a package between two RELEASED packages that never get pushed. Those iterative packages are, however, used to build things that happen between actual released files. Therefore CentOS Linux content is NOT THE SAME AS RHEL. If you want RHEL .. buy RHEL.
As far as reproducible .. they COULD be, if you created a special config file that was exactly identical to the original build. We don't do that however. CentOS builds packages that get released today against the build system that exists today. We build what is released next week against the build system that exists next week.
Hmm .. missing stuff,
So users need to verify CentOS meets their needs.