On 1/8/20 4:25 PM, Gordon Messmer wrote:
On 1/8/20 7:43 AM, Johnny Hughes wrote:
I don't think it's*entirely* fair to say that the fixes offered weren't relevant to CentOS, when no one outside the core maintainers had access to the build process, where fixes relevant to CentOS could be offered.
That is because CentOS Linux (other than Stream) is a rebuild of RHEL source code .. so, that is how things get into base CentOS Linux.
Yes, I know.
We don't accept input that deviates base CentOS Linux from RHEL source code.
Of course not. But that's not the point. Neal pointed out that the process of debranding and rebuilding CentOS is not a community process, and that the user community takes and does not give back much. That is true. I agree with him.
Well sure .. but that is also true for any Linux distribution. It's not like Ubuntu or Debian or Linux Mint (or anyone else) let community members build their distributions.
Obviously, what gets built and what gets accepted into their build system, as well as signature to verify the distributions are totally on system they control .. they validate any patches received before it gets into their distros too.
We are never going to allow other people to build things not in our validated systems and then sign and release it with CentOS Keys as CentOS Linux. That would be ridiculously stupid :)
And .. building the packages is NOT what is the hold up in most cases. Testing and validation is the major issue. Brian addressed a bunch of that in his mail.
I don't, however, know a good reason to believe that the community doesn't want to contribute, or isn't capable of contributing. I have seen people offer to contribute numerous times, especially when new major or minor releases lag far behind upstream. I tend to think those lags are evidence that the project does need more contributors, but I simply don't know any way for capable people to access the work queue and assist in getting it done.
Many users see CentOS as a clone (i hate that word, it is not a clone) of RHEL or even worse .. as Free RHEL. It is neither. It is rebuilt source code on a separate closed system and nothing more.
We don't need help building it .. we need help testing it.
If you want RHEL, with all its certifications and software assurance and CVE verification .. then buy RHEL. If RHEL ceases to exist, then so does CentOS Linux. It is just that simple. If you are running a business and if you have to answer security questions to investors, you need certified solutions. Again .. pretty simple. CentOS Linux has no certification of any kind. If you are using it, YOU are providing the certification that it mets YOUR needs.
When I look at https://wiki.centos.org/Contribute , I don't see any entry points for capable people to participate early in the process. I see a note that testing packages are announced on the devel list, but that's pretty far along in the process. It's hard to imagine that participating at that point will significantly improve the turnaround time for the process of rebuilding and publishing the system.
I could be wrong, since I see the situation from the perspective of the user community that I'm a part of, but my point is that Jim said "there wasn't really much of a way to give back that didn't make the project deviate from its core mission" and that is literally true. I'm not arguing otherwise. I just want to suggest that the fact that there wasn't a way to give back without deviating from the core mission is the result of decisions that the developers made to keep the process very closed and private, and we should acknowledge that when we're discussing community contributions.
Sure, as does every other distribution .. it can only be built from git.centos.org .. any changes to that need to be validated and accepted by a very small number of people to make sure it meets the standards.
There are special interst groups that build things NOT base CentOS Linux .. and they all can use more people. There are bugs listed at bugs.centos.org that need validated and if they are RHEL issues, bugs need to be filed at bugzilla.redhat.com to get those fixed. There are questions on the forums that need answers. All of these things can be done by the community .. if the community wants to do them. They all help everyone. Yet, no one does them.
If by community help .. you want community members building and signing the base os packages .. that is probably never going to happen. It also would never happen in Ubuntu or Debian or any other distribution.
We are looking at some mechanism to automate building things that do not need approval at some period of time. But that will be discussed later.