On 16/12/16 00:43, Phil Wyett wrote:
As I see it the longer the time between vendor release and CentOS release people know that we are hittable if they have a viable exploit?
That's true, and I think that's the primary reason for the recommendation to pay for RHEL for critical systems. This applies for any distro that builds on top of another, not just CentOS - there will always be a delay due to rebuilding the binaries. If paying for a commercial enterprise distro isn't possible, and you need both long-term stability and immediate security updates, the only other options I'm aware of are Debian and Ubuntu LTS.
I ask this as I see that the core SIG is not concentrating on the job at hand and concentrating on the work of their new masters - Red Hats CentOS? Their heads are in the cloud. ;-)
"their new masters"? Really?! So everyone who disagrees, or simply happens to be interested in using CentOS in the cloud, is a mindless servant of some evil master? There was actually a lot of work going on for the transition to 7.3, and "the cloud" was certainly not the reason for the delay. If anything, the cloud stuff was somewhat neglected in favor of the core distro during the transition. The 1611 Vagrant release wasn't as smooth as I would have liked due to the unforeseen problems with XFS compatibility.
There is no community version of e.g. SLES; CentOS and other RHEL clones can only exist because Red Hat provides the RHEL sources to _everybody_, not just to their customers, as the GPL requires them to. They have enough engineers as it is, I doubt their cloud effort would be doomed without the 5 people in the CentOS Core SIG. And if they wanted to sabotage CentOS, they could just stop publishing the sources, instead of resorting to secretive orders to the CentOS Core team. I see the opposite, their engineers actively helping CentOS in the SIGs, not to mention Fedora too. They do this because they want to, but they don't owe us anything; I feel that imperative, loud demands for them (or anybody else for that matter) to behave in a certain way, or to spend resources to do stuff for us for free, pretty troubling.
I see Red Hat's hiring of the Core team as a positive thing, since it provides financial stability for them to be able to work full-time on the distro (Red Hat has a pretty hands-off approach regarding the team, if I understood correctly). I don't think it would be in anybody's best interest to have a repeat of the difficult transition to CentOS 6, but, if Red Hat's direct involvement concerns you, why don't you see if you can help Scientific Linux? It's an independent, active RHEL clone, developed by Fermilab and several universities and science labs (CERN switched to CentOS 7, but they used SL 6 before and co-developed it).
I am not associated with Red Hat in any way, and never was their employee, contractor, shareholder or whatever. I spent most time on Debian since 2001 (although Red Hat Linux 4.2 was the first distro I tried, back in 1997), but I am aware of the huge positive impact Red Hat had, if only from the press - they were there from the beginning, one of the first distros and Linux companies. The Linux kernel wouldn't be where it is today without them hiring a pretty large number of kernel hackers, and they are the second biggest corporate contributor to the Linux kernel, right behind Intel.[1] They offered free licenses to their patents for open-source software, open-sourced pretty much everything they did or got from acquisitions, they sponsor a large number of open-source projects (I'm not aware of any attempt to influence or control the direction of projects they sponsor) and even paid commercial font foundries to design good fonts for the Linux desktop, and released them for everyone to use. And other distros also benefit from tools developed by Red Hat or Fedora: I remember having used the readahead-fedora package in Debian, a few years ago, to significantly reduce my boot time.
[1] https://www.linux.com/blog/top-10-developers-and-companies-contributing-linu...
What bothers me is the docs behind the meetings. How are you engaging the community. No your not... You have a club going and the masses don't see what is going on.
Real docs! CentOS is not a community project!
Obvious as that might be, I have a different opinion. The meetings are held on #centos-devel, and the minutes are publicly available on the web. If documentation is missing or obsolete, it's just because of a lack of resources, not an attempt to keep people out. I had problems with the CentOS Vagrant images some months ago, and, after debugging together with Karanbir and others about 3 days on #centos-devel, Karanbir asked me if I wouldn't be interested in becoming a contributor. They brought me up to speed via direct links to the wiki, there were some direct sessions with Brian and the rest, just emails, conversations on IRC, bug tracking, patches on GitHub... If the documentation are lacking, just ask people on #centos-devel, they were always very helpful.
As for Karanbir, he was always immensely helpful and he sometimes answered my questions even late at night - I don't think he should apologize to anyone in this case.
Best regards, Laurențiu