On 28/04/2021 23:28, Jonathan Billings wrote:
On Apr 27, 2021, at 11:32, Johnny Hughes johnny@centos.org wrote:
You would be hard pressed to find many FUNCTIONAL differences between Stream and CentOS Linux // just as you would be hard pressed to find many differences between RHEL 8.2 and RHEL 8.3, for example.
Are there some differences? Sure.
If people don't want stream, then by all means , use something else.
This is true within the narrow scope of just CentOS/RHEL, but if, for example, you rely on ELrepo for kmods for hardware that Red Hat dropped support for, you’ll be sadly unable to use those kmods on Stream (elrepo isn’t supporting Stream[1]).
There will also be inconsistencies with other third party repos and commercial software that focus exclusively on RHEL when Stream gets major version bumps ahead of RHEL. Certainly it will be an opportunity for those vendors to get their product working on Stream, so they’ll be prepared for the next RHEL release.
But this is why people are calling it a beta test for RHEL. Yes, Steam running with only their core repos and software from within CentOS is tested and QA’d. But if you want to use Stream in a larger software context, be prepared for missing support and unexpected breakages. The only use I will consider Stream for will be as a test for upcoming RHEL releases, not as something I will ever want actual users to touch. (And maybe that’s ok)
The other concern for me is security. I've not had time to track CVE's in detail, but even a cursory look shows there are CVE's which have been fixed in RHEL8.3 kernel releases which are still not fixed in the latest Stream release [1] (which if truly upstream of RHEL should presumably get the fixes first before they are backported to the RHEL point releases), and others where the fixes eventually appeared weeks or months later [2]. I know CentOS makes no claims as to security fixes etc, but at least with RHEL->CentOS Linux rebuild, one could reasonably expect that when a security issue was fixed in RHEL, CentOS would have the same release and fix out the door within 24-48h. With Stream we are seeing delays of months for security fixes in the kernel that have been released in RHEL. The only time the Stream kernel is comparable to the RHEL kernel from a security fix viewpoint is once every six months on the day the next point release fork occurs. This all indicates Stream is not of production quality and hence why people associate / use the term beta software.
[1] CVE-2020-25705 [2] CVE-2020-29661