Ian Murray wrote:
<< I've rambled on too long. But seriously, what is you want? CentOS is a great Linux distribution, so what's the problem? >>
The 'progress' I am talking about it making those 4 million installs into 5 million installs, if that is important. (I wish 4 mill installs hadn't been raised, because on that basis, we should all do it the MS way because they win on seat count.) Or the ability to release errata updates while a dot release is pending (see below.) From a fragility point of view, I guess its always been present but it is highlighted in the open-letter and the delay of 5.3. In the letter, there is talk of CentOS dying if developers walk away, etc. Emotive language, no doubt born from frustration, but still sent a chill down my spine. I think I did read somewhere on the list that errata aren't addressed when a dot release is due, but rather rolled up into said dot release (correct me if I am wrong). I didn't realise that and that represents a risk to any one that relies on CentOS. Maybe if the process was more open, then that activity could be spun out to some new guys or more ideally a mixture of old and new. What a don't want to do is to pile more and more work on the current guys. That's when ppl do walk away because it starts affecting their life outside of CentOS, e.g. work, family, etc.
There is nothing wrong with the distribution itself, long may it live. My concern is that it is too reliant on individuals. A concern the devs raised themselves through the open letter. I am raising the same concern about the 'core' that the 'core' raised about Lance, that's all.
If updates and upgrades stopped coming and there was no impact to you, then my words will not mean much to you. If however it does have an impact, then you may start to consider which basket you have put your eggs in. If the CentOS project is not interested in retaining the latter, then carry on as you are.
WRT to the one valid issue that you raise ... let me explain the TECHNICAL reason why you can not release these things hodge podge.
First ... Red Hat releases point releases at regular intervals (3-4 times per year).
Second ... we do not release anything that does not pass our checks and is linked to the same libraries as upstream.
Now, when the upstream provider does a point release, that means they have released a whole bunch of NEW libraries. It also means that every single update that comes out after their point release is built against the NEW libraries and not the OLD libraries.
We can NOT build and release the security updates you talk about against the OLD libraries that you have installed on your machine (prior to the point release) as it will make the NEW updates we are building NOT like they are upstream.
We have to build the new updates against the point release instead. The point release will either not be done yet (it takes time to build) or in testing/qa and not yet released. When we build against it, we will have to release all the pieces that are required to also get the updates you are talking about.
That is the problem ... therefore, we HAVE to finish the point release and get it out before we can build new updates released after the point release. This is not new, it has been an issue since the first rebuild more than 5 years ago.
People who do not understand the technical issues involved do not see why we can't just snap our fingers and put out the packages ... well, we can't.
Thanks, Johnny Hughes