Hi,
Since the release of CentOS 5.3 is imminent(?) I'd like to ask a question regarding why did it took so long to be released and, more important, suggest some actions in order to reduce this time if I can assume what caused this delay.
First I'd like to make sure I am not complaining about this delay between the RHEL and CentOS releases per se. I did not help in any way to make it happen faster and usually I don't mind having a three weeks gap between them. But I've noticed that we had two security related kernel updates from RHEL since the RHEL 5.3 release and there is no word on when it will be released or why is it taking so long.
I can only assume that this delay is caused by lack of the necessary human resources.
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
If this is not the case as a suggestion please let the community know what's going on. Perhaps an automated email sent to the mailing list with today's status (like 400 packages left to rebase, 20 packages being reviewed by QA etc) would give a sense of progress, let the others know if you hit problems and reduce the anxiety with daily doses of news :)
Regards.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
mbneto wrote:
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
There is already a "donate" link on the centos.org web page. You could easily start that campaign and herd people to the site to make donations.
Barry
Barry L. Kline wrote:
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
There is already a "donate" link on the centos.org web page. You could easily start that campaign and herd people to the site to make donations.
That would be very wrong. Since people might think there were financial reasons behind the delay, and there is nothing of that nature.
Karanbir Singh wrote:
That would be very wrong. Since people might think there were financial reasons behind the delay, and there is nothing of that nature.
Can gcc/make be distributed? Could people dedicate their CPU time ala SETI or folding@home to test builds and compiles? I am not sure where the bottleneck is, and I know throwing money and manpower does not always help when it comes to software development :)
One thing is delays (and with CentOS, I feel a 6-8 weeks delay is not that much, ymmv etc etc), but what I worry about is members of the core CentOS team burning out and quitting... that would be much worse for CentOS than a few weeks delay here and there. For me it is important for the core team to know that they can take the time off they need for real life events without feeling bad or guilty about delaying a free, community driven project.
For people that are directly affected by a delay, there is always the excellent RHEL product to buy for a small amount of dollars.
but what I worry about is members of the core
CentOS team burning out and quitting... that would be much worse for CentOS than a few weeks delay here and there. For me it is important for the core team to know that they can take the time off they need for real life events without feeling bad or guilty about delaying a free, community driven project.
totally agree. we need to appreciate them and not be too demanding.
Morten Torstensen wrote:
Can gcc/make be distributed? Could people dedicate their CPU time ala SETI or folding@home to test builds and compiles? I am not sure where the bottleneck is, and I know throwing money and manpower does not always help when it comes to software development :)
There were a bunch of things that came together at the same time. So yes perhaps more people would have helped here - but that again comes with its own issues. Things that could have also helped are much faster internet links, beefier build systems, access to certain data, more time away from $DayJob, an economy and industry that wasent taking a crap, people not having to work 10 to 12 hrs a day to (a) keep their jobs (b) make up for work that other people who didn't have their jobs anymore left behind. Add salt and spice to taste.
Some of these problems are solvable if they stay stationary. Unfortunately, you will find that none of them are.
A lot of what CentOS is - directly maps back to the people involved, and the process's being used. Take those away and the idea of centos is becomes irrelevant. And for those who dont care much about either of these two things, there is always an exit route, or a dozen.
There are about two dozen people involved with the centos 'team', and I am sure each and everyone of us would like to spend more and more time and resources on the project - but there are limits that must be honored.
Also, were not getting ready for 5.4. were going to be getting ready for 4.8 first, then a CentOS6 Beta and then a 5.4.
on 3-24-2009 9:53 AM Karanbir Singh spake the following:
Morten Torstensen wrote:
Can gcc/make be distributed? Could people dedicate their CPU time ala SETI or folding@home to test builds and compiles? I am not sure where the bottleneck is, and I know throwing money and manpower does not always help when it comes to software development :)
There were a bunch of things that came together at the same time. So yes perhaps more people would have helped here - but that again comes with its own issues. Things that could have also helped are much faster internet links, beefier build systems, access to certain data, more time away from $DayJob, an economy and industry that wasent taking a crap, people not having to work 10 to 12 hrs a day to (a) keep their jobs (b) make up for work that other people who didn't have their jobs anymore left behind. Add salt and spice to taste.
No amount of seasoning would make that taste any better!
Some of these problems are solvable if they stay stationary. Unfortunately, you will find that none of them are.
A lot of what CentOS is - directly maps back to the people involved, and the process's being used. Take those away and the idea of centos is becomes irrelevant. And for those who dont care much about either of these two things, there is always an exit route, or a dozen.
There are about two dozen people involved with the centos 'team', and I am sure each and everyone of us would like to spend more and more time and resources on the project - but there are limits that must be honored.
Also, were not getting ready for 5.4. were going to be getting ready for 4.8 first, then a CentOS6 Beta and then a 5.4.
And then maybe you can take a breath?
You all are very appreciated. Don't let 10 or 20 (l)users make you think that the other million or so aren't happy!! ;-)
On Tue, Mar 24, 2009 at 10:18:58AM -0700, Scott Silva wrote:
And then maybe you can take a breath?
You all are very appreciated. Don't let 10 or 20 (l)users make you think that the other million or so aren't happy!! ;-)
I certainly hope this isn't in response to those of us who have piped in on this thread. I know the OP's intention was to find a way to help.
No one in this thread has been complaining; just users of various skillsets trying to figure out how best to help out.
I'm sure that's what you meant though :-)
Ray
Scott Silva wrote:
Also, were not getting ready for 5.4. were going to be getting ready for 4.8 first, then a CentOS6 Beta and then a 5.4.
And then maybe you can take a breath?
Thats a good point. One thing that I hope to work towards and I feel we are getting setup to do is get a constant trot going, so it does not come down to a mad rush, then the quiet bits to be followed by a mad dash again. Automating as much as possible, and spreading the need-people-for bits of the process seems to be the way to go.
5.3 should ship in a few days, once its all done. I'll post a much longer version of the paragraph above. It would be really good to have more ideas and thought process's thrown in
Scott Silva wrote:
on 3-24-2009 9:53 AM Karanbir Singh spake the following:
Also, were not getting ready for 5.4. were going to be getting ready for 4.8 first, then a CentOS6 Beta and then a 5.4.
And then maybe you can take a breath?
Yeah, no kidding. This is a lot of work, no matter how much automation is involved.
Hi Barry,
I know but if this campaign comes from CentOS itself it will no appear as a hoax or some sort of scam.
There is already a "donate" link on the centos.org web page. You could easily start that campaign and herd people to the site to make donations.
Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFJx3oTCFu3bIiwtTARAi3PAJ9PYTFQNhxKitW3hLgm35fofnA4iwCfeWt1 sz1OPeShDExlG5HryNqrpJY= =ZXKd -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
mbneto wrote:
Hi,
Since the release of CentOS 5.3 is imminent(?) I'd like to ask a question regarding why did it took so long to be released and, more important, suggest some actions in order to reduce this time if I can assume what caused this delay.
First I'd like to make sure I am not complaining about this delay between the RHEL and CentOS releases per se. I did not help in any way to make it happen faster and usually I don't mind having a three weeks gap between them. But I've noticed that we had two security related kernel updates from RHEL since the RHEL 5.3 release and there is no word on when it will be released or why is it taking so long.
I can only assume that this delay is caused by lack of the necessary human resources.
There were some unusual situations with core developers this time around.
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
Some additional resources could help but since CentOS developers are unpaid, raising money for human resources may not be the correct approach. Beefing up the buildsystem has been noted as something desirable.
If this is not the case as a suggestion please let the community know what's going on. Perhaps an automated email sent to the mailing list with today's status (like 400 packages left to rebase, 20 packages being reviewed by QA etc) would give a sense of progress, let the others know if you hit problems and reduce the anxiety with daily doses of news :)
And who is going to develop such nice automation? There has been regular news:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=18223&forum=3... http://twitter.com/CentOS
Phil
Hi,
There were some unusual situations with core developers this time around.
This is something that we should address don't you think?
Some additional resources could help but since CentOS developers are unpaid, raising money for human resources may not be the correct approach. Beefing up the buildsystem has been noted as something desirable.
I think that this is somewhat contradictory. If the developers are unpaid we should be considering at least some help (paid one) so we can expect a more regular approach not a best effort one.
And who is going to develop such nice automation? There has been
regular news:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=18223&forum=37
Well, there is no need to automation. This paid help would send one email per day with the summary.
Thanks.
mbneto wrote:
Hi,
There were some unusual situations with core developers this time around.This is something that we should address don't you think?
Well, Karanbir has already weighed in on the thread. If he needs help I'm sure he knows where to ask.
Some additional resources could help but since CentOS developers are unpaid, raising money for human resources may not be the correct approach. Beefing up the buildsystem has been noted as something desirable.I think that this is somewhat contradictory. If the developers are unpaid we should be considering at least some help (paid one) so we can expect a more regular approach not a best effort one.
Hiring and managing employees has substantial overhead involved. I doubt this is worthwhile.
And who is going to develop such nice automation? There has been regular news: <http://www.centos.org/modules/newbb/viewtopic.php?topic_id=18223&forum=37>Well, there is no need to automation. This paid help would send one email per day with the summary.
If you need faster updates or more support than CentOS can provide, please consider RHEL as an option. CentOS would not exist without them.
2009/3/23 mbneto mbneto@gmail.com:
There were some unusual situations with core developers this time around.
This is something that we should address don't you think?
If someone has a medical problem and someone else is getting married, how will you address that? Everyone has a personal life and that should be a higher priority than this or any other project they spend time on.
Some additional resources could help but since CentOS developers are unpaid, raising money for human resources may not be the correct approach. Beefing up the buildsystem has been noted as something desirable.
I think that this is somewhat contradictory. If the developers are unpaid we should be considering at least some help (paid one) so we can expect a more regular approach not a best effort one.
Possibly you should consider buying RHEL, if you need the updated OS faster. The CentOS Developers do everything possible to make this an excellent product and one that has outstanding support.
And who is going to develop such nice automation? There has been regular news:
Well, there is no need to automation. This paid help would send one email per day with the summary.
The $ the project receives goes for hardware and network connectivity. Nobody is paid. The CentOS developers devote their time and hard work because they want this project to be successful.
Lanny Marcus wrote:
The $ the project receives goes for hardware and network connectivity.
That is not true.
Money donated to the project goes to sit in a pot. Resources that we use to do things on and with are on machines that we ( developers, centos team and contributors ) pay for, manage and run ourselves. CentOS does not subsidise or pay for any of it.
This also includes our network bills, phone bills for support calls and conf calls that we are sometimes part of and any other overhead.
Karanbir Singh wrote:
Money donated to the project goes to sit in a pot. Resources that we use to do things on and with are on machines that we ( developers, centos team and contributors ) pay for, manage and run ourselves. CentOS does not subsidise or pay for any of it.
Just to clarify - this is about the machines we use, the centos team.
mirror.centos.org runs off donated hardware, sitting in donated space, using only donated network. This also includes the webserver, the mailserver and almost everything inside *.centos.org. It costs the project nothing.
A direct fallout from the efforts by some of us in talking to and educating hosting companies about CentOS. Which reminds me, if you are a company with a few mb/sec link to spare and want to offer us something - dont bother with a financial donation, host a machine for us instead :) </plug>
On Tue, March 24, 2009 1:13 pm, Karanbir Singh wrote:
Karanbir Singh wrote:
Money donated to the project goes to sit in a pot. Resources that we use to do things on and with are on machines that we ( developers, centos team and contributors ) pay for, manage and run ourselves. CentOS does not subsidise or pay for any of it.
Just to clarify - this is about the machines we use, the centos team.
mirror.centos.org runs off donated hardware, sitting in donated space, using only donated network. This also includes the webserver, the mailserver and almost everything inside *.centos.org. It costs the project nothing.
Karanbir, what is the donated money used for?
Marko
On Tue, Mar 24, 2009 at 12:02 PM, Karanbir Singh mail-lists@karan.org wrote:
Lanny Marcus wrote:
The $ the project receives goes for hardware and network connectivity.
That is not true.
Money donated to the project goes to sit in a pot. Resources that we use to do things on and with are on machines that we ( developers, centos team and contributors ) pay for, manage and run ourselves. CentOS does not subsidise or pay for any of it.
This also includes our network bills, phone bills for support calls and conf calls that we are sometimes part of and any other overhead.
What you explained certainly increases (if that's possible), the respect and appreciation I have for the CentOS developers.
On Mar 24, 2009, at 1:02 PM, Karanbir Singh mail-lists@karan.org wrote:
Lanny Marcus wrote:
The $ the project receives goes for hardware and network connectivity.
That is not true.
Money donated to the project goes to sit in a pot. Resources that we use to do things on and with are on machines that we ( developers, centos team and contributors ) pay for, manage and run ourselves. CentOS does not subsidise or pay for any of it.
This also includes our network bills, phone bills for support calls and conf calls that we are sometimes part of and any other overhead.
How about setting up a dynamic build environment on Amazon's C2?
How about forming a formal non-profit organization around CentOS with contributors.
I'm pretty sure companies like Google and Amazon as well as a lot of big ISPs would contribute large money to keep CentOS going strong. What is needed is someone who can knock on those doors, raise those funds.
There is no reason CentOS can't be run like Wikipedia or Sourceforge. Draft a charter.
If a movement like CentOS is going to survive it's going to have to grow and the only way it can grow is by solicitating donations then depending on the offered ones it recieves now.
-Ross
Ross Walker wrote:
How about forming a formal non-profit organization around CentOS with contributors.
The question is "where". What counts as a non-profit in the US doesn't automatically count as one in Europe, for example - that's why there is a Fedora EMEA, too. Which really binds ressources - and the Fedora community is large. Yes, one could to talk to them to see how they did it, I know the people on their board.
If a movement like CentOS is going to survive it's going to have to grow and the only way it can grow is by solicitating donations then depending on the offered ones it recieves now.
Do I smell a special interest group http://wiki.centos.org/SpecialInterestGroup here?
Ralph
2009/3/25 Ralph Angenendt ra+centos@br-online.de:
Ross Walker wrote:
How about forming a formal non-profit organization around CentOS with contributors.
The question is "where". What counts as a non-profit in the US doesn't automatically count as one in Europe, for example - that's why there is a Fedora EMEA, too. Which really binds ressources - and the Fedora community is large. Yes, one could to talk to them to see how they did it, I know the people on their board.
If a movement like CentOS is going to survive it's going to have to grow and the only way it can grow is by solicitating donations then depending on the offered ones it recieves now.
Do I smell a special interest group http://wiki.centos.org/SpecialInterestGroup here?
Or another mailing list or IRC channel? If Ross is correct, and I hope he is correct, that Google, Amazon, large ISPs, etc., would donate $, wow. If they are using CentOS and they only contributed USD$1 for each server, imagine how much $ that would be for the CentOS project. :-) Obviously, more than one dollar per server is the goal.
On Mar 25, 2009, at 10:18 AM, Lanny Marcus lmmailinglists@gmail.com wrote:
2009/3/25 Ralph Angenendt ra+centos@br-online.de:
Ross Walker wrote:
How about forming a formal non-profit organization around CentOS with contributors.
The question is "where". What counts as a non-profit in the US doesn't automatically count as one in Europe, for example - that's why there is a Fedora EMEA, too. Which really binds ressources - and the Fedora community is large. Yes, one could to talk to them to see how they did it, I know the people on their board.
If a movement like CentOS is going to survive it's going to have to grow and the only way it can grow is by solicitating donations then depending on the offered ones it recieves now.
Do I smell a special interest group http://wiki.centos.org/SpecialInterestGroup here?
Or another mailing list or IRC channel? If Ross is correct, and I hope he is correct, that Google, Amazon, large ISPs, etc., would donate $, wow. If they are using CentOS and they only contributed USD$1 for each server, imagine how much $ that would be for the CentOS project. :-) Obviously, more than one dollar per server is the goal.
You would be surprised at how many vendors are using CentOS right now for large commercial endeavors and even commercial software packages (Citrix Xen).
There is a phenominal need for an enterprise OS with long term support, but void of messy licensing and royalty fees striped of all intellectual property, and if these companies are using CentOS to fulfill that need then they have a vested interest to make sure it succeeds now and for the foreseeable future.
To this end it would cetainly not be rude to ask these companies for appropriately sized donations to make sure CentOS keeps going strong, completely voluntary of course, anonymously if preferred, otherwise they can be prominantly listed as a valued supporter.
Just before any of that happens some ground work, as Ralph pointed out, needs to be established.
I think CentOS should be registered as a non-profit both in America/ Canada and in the European Union.
Call it CentOS.org NA and CentOS.org EU.
Maybe there is an attorney on the list that would like to donate some pro-bono work in putting together applications for each in return for a tax write-off (applicable when filing for 2009 of course!).
-Ross
Ross Walker wrote:
<snip>
To this end it would cetainly not be rude to ask these companies for appropriately sized donations to make sure CentOS keeps going strong, completely voluntary of course, anonymously if preferred, otherwise they can be prominantly listed as a valued supporter.
-Ross
The companies that should donate are those that _want_ to. Funny how donations work.
On Mar 25, 2009, at 8:13 PM, griz_quattro griz_quattro@tx.rr.com wrote:
Ross Walker wrote:
<snip>
To this end it would cetainly not be rude to ask these companies for appropriately sized donations to make sure CentOS keeps going strong, completely voluntary of course, anonymously if preferred, otherwise they can be prominantly listed as a valued supporter.
-Ross
The companies that should donate are those that _want_ to. Funny how donations work.
People want to donate to organizations that help kids with MD, but that doesn't stop Jerry Lewis from holding telefons.
People need to be reminded that these services are only available through their kind contributions.
Also some organizations need an actual governing body to donate to, an organization that is recognized as a non-profit institution by the local government so they can get a tax deduction.
I am not talking about knocking on each user's door with a hand out, but a few large contributors can really help shape the long-term prospectus of a non-profit organization.
Look how organizations such as Fedora or Wikipedia get their funding.
-Ross
On Mon, Mar 23, 2009 at 07:46:49AM -0400, mbneto wrote:
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up.� If RH maintains the 4-6 month schedule it can happen again in less than three months.
If this is not the case as a suggestion please let the community know what's going on.� Perhaps an automated email sent to the mailing list with today's status (like 400 packages left to rebase, 20 packages being reviewed by QA etc) would give a sense of progress, let the others know if you hit problems and reduce the anxiety with daily doses of news :)
(Obdiscaimer: I am not a CentOS developer)
You know, it really amuses me that there are all these "drive-by" offers of "help" with every new release of CentOS. If I were one of the developers, I'd be getting a little annoyed right now.
If you really want to assist, why don't you invest the time and effort BEFORE a release is near, helping out with all the standard stuff so that you can gain the trust of the team, and become a real, long term, contributor.
On Mon, Mar 23, 2009 at 03:10:46PM +0200, Neil Thompson wrote:
On Mon, Mar 23, 2009 at 07:46:49AM -0400, mbneto wrote:
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up.� If RH maintains the 4-6 month schedule it can happen again in less than three months.
If this is not the case as a suggestion please let the community know what's going on.� Perhaps an automated email sent to the mailing list with today's status (like 400 packages left to rebase, 20 packages being reviewed by QA etc) would give a sense of progress, let the others know if you hit problems and reduce the anxiety with daily doses of news :)
(Obdiscaimer: I am not a CentOS developer)
You know, it really amuses me that there are all these "drive-by" offers of "help" with every new release of CentOS. If I were one of the developers, I'd be getting a little annoyed right now.
If you really want to assist, why don't you invest the time and effort BEFORE a release is near, helping out with all the standard stuff so that you can gain the trust of the team, and become a real, long term, contributor.
FWIW, the OP was bringing his suggestions up for the 5.4 release (which is a ways off yet). I'm just going to assume he had the best of intentions.
There maybe needs to be a community leizon of some sort to help leverage these types of offers for help. Many of us are willing to help, but certainly don't have the necessary time cycles to do so as effectively as some of the rest of the core team. If there was a way to make jumping in and helping out with a few mundane tasks or throwing spare CPU cycles at tasks I think a lot of the "weekend warriors" could be more effectively leveraged.
From a brief glance at the "Contribute" page[1], there isn't a lot of
info on the build process, bottlenecks, or how people can help out with it although there is good information on other areas.
Maybe adding something to that page would be a good start and a way to stem off these random "how can I help?" posts to the mailing list?
Just some thoughts. We are all tremendously appreciate of the people who do the heavy lifting for CentOS.
Ray
On Mon, Mar 23, 2009 at 11:49 PM, Ray Van Dolson rayvd@bludgeon.org wrote:
There maybe needs to be a community leizon of some sort to help leverage these types of offers for help. Many of us are willing to help, but certainly don't have the necessary time cycles to do so as effectively as some of the rest of the core team. If there was a way to make jumping in and helping out with a few mundane tasks or throwing spare CPU cycles at tasks I think a lot of the "weekend warriors" could be more effectively leveraged.
Excellent suggestion! I'm sure I'm not the only one who would love to contribute but quite obvious lack the skills to do anything really advanced.
There was a somewhat similar in spirit thread on CentOS forum about PHP5.2 and somebody mentioned things are slow because none of us are willing to help test. When I saw it, the only thing came to mind was "How?"
So if it's possible, I'd be more than happy to throw in spare CPU cycles to help compile some binaries or run automated tests etc!
My thoughts exactly
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Noob Centos Admin Sent: Monday, March 23, 2009 10:00 PM To: CentOS mailing list Subject: Re: [CentOS] Getting ready for CentOS 5.4
<snip> So if it's possible, I'd be more than happy to throw in spare CPU cycles to help compile some binaries or run automated tests etc! _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Ward.P.Fontenot@wellsfargo.com wrote:
My thoughts exactly
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Noob Centos Admin Sent: Monday, March 23, 2009 10:00 PM To: CentOS mailing list Subject: Re: [CentOS] Getting ready for CentOS 5.4
<snip> So if it's possible, I'd be more than happy to throw in spare CPU cycles to help compile some binaries or run automated tests etc!
The thread on the forum was referring to the need to use and report on packages in the testing repo, in order to get them out of testing and into standard CentOS repos.
See http://wiki.centos.org/Contribute "Help with hunting bugs and finding fixes".
Phil
Hi,
As the OP (original poster?) I've read all messages so far and instead of replying to each one I'd like to sum all up and perhaps clarify my post so we can move on with some more productive debate.
A background info: I've been using CentOS for almost three years and I am happy with it. Sometimes I do need to use something no provided by it (nor RHEL) and I use separate repositories but it is minimal.
My intention while posting the question is that, even tough it is a community based distro, I felt confused by the fact that a long time has passed and still no message was posted explaining why that happened and no call for help (if that was the case) was made.
One suggested that if I was not happy just go and buy the RHEL with their support. Otherwise shut up and be glad with whatever I receive (for free) from CentOS. I think we can reach a middle ground.
One reported that the development team of CentOS has only three guys and they can have personal problems (link being sick, tired, getting married - not that this is a problem).
I do not have any sort of numbers of the popularity of CentOS but I suspect that we are very popular and in that sense a certain level of responsibility (to that community) is required.
Please note that I am not saying that the team (3 or 300) is not responsible. As I've been made aware by some posts the team shows a level of commitment that surely affects their personal/professional environment.
But in the end we can't close our eyes to the fact that this release is 'late' and that security issues were disclosed and so far no real date is set.
And that is the focus. No matter how much effort and despite the problems that occurred between the RHEL release and CentOS we must ask ourselves why it happened this way and what can I(we) do to improve that.
I think that the team (and other members of this list) ask the same question when they finish something and start wondering how they can make it better/faster/cheaper.
In that sense my suggestions : raise money / improve transparency / build some sort of communication channel for situations like this go in that direction.
We should have fun. If this is not the case sooner or later we will give up. And as long as CentOS stays a relevant distro the pressure (not only from me) will continue to raise. How to create a comfort zone is this case?
Perhaps this particular episode can reveal some aspects that, at least for myself, were unknown. So the final questions are:
a) does the team (or the core at least) feel the same way/think this maybe a problem? b) what can we do next?
Regards.
I've got a couple of cents change here...
On Thu, 26 Mar 2009 17:41:41 -0400 mbneto mbneto@gmail.com wrote:
I do not have any sort of numbers of the popularity of CentOS but I suspect that we are very popular and in that sense a certain level of responsibility (to that community) is required.
"required"? How do you figure anything is *required* of volunteers? Show me your support contract.
If you're worried that CentOS is "late" or is stopping you from fulfilling your own contractual obligations, perhaps you should stop being a tight-arse and pay for RedHat support.
When you pay nothing, you have no right to expect anything. Unless they're your slaves, and I'm pretty sure that's not the case here.
And as long as CentOS stays a relevant distro the pressure (not only from me) will continue to raise.
This is just rude.
On Fri, Mar 27, 2009 at 11:38:06AM +1300, Spiro Harvey wrote:
I've got a couple of cents change here...
On Thu, 26 Mar 2009 17:41:41 -0400 mbneto mbneto@gmail.com wrote:
I do not have any sort of numbers of the popularity of CentOS but I suspect that we are very popular and in that sense a certain level of responsibility (to that community) is required.
"required"? How do you figure anything is *required* of volunteers? Show me your support contract.
If you're worried that CentOS is "late" or is stopping you from fulfilling your own contractual obligations, perhaps you should stop being a tight-arse and pay for RedHat support.
When you pay nothing, you have no right to expect anything. Unless they're your slaves, and I'm pretty sure that's not the case here.
And as long as CentOS stays a relevant distro the pressure (not only from me) will continue to raise.
This is just rude.
I really wish people would quit being so over-sensitive like this. How many disclaimers must be posted? We are ALL aware that nothing is guaranteed nor supported in a volunteer project such as this one.
Is there still no room for positive feedack and discussion from developers and end users alike on how to approve things?
Let's not assume the OP is attacking anyone. I'm assuming he's looking for a way to help.
Ray
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ray Van Dolson Sent: Thursday, March 26, 2009 11:50 PM To: centos@centos.org Subject: Re: [CentOS] Getting ready for CentOS 5.4
Is there still no room for positive feedack and discussion from developers and end users alike on how to approve things?
I've recently migrated a dozen or so RHEL3-machines to CentOS5 for our university linux course-farm. The machines are used by students as I write this. Students use them, and knowing prying students, CentOS still works like a charm and so does the molecular modeling software running off of CentOS.
The handful of new Intel i7-calculation machines we recently bought for our group of Ph. D.-Students are awesome and just hilariously fast with CentOS5.
I'm very happy with CentOS!
Good enough feedback? 8-}
Spiro Harvey schrieb:
I've got a couple of cents change here...
While I do think some of the wording of the post that the above post was replying to was a bit mis-chosen, I like to believe it had a positive spin. (In that it didn't want to put blame on anybody)
I *do* agree with the sentiment that people should buy RHEL for stuff they consider critical. Or just change distro if they think they get a better deal elsewhere.
Which is what I normaly do, unless management decides they can get away cheaper and in essence get RHEL + updates for free with CentOS.
The CentOS team certainly doesn't owe me CentOS 5.3 by now - in the same way I can't really complain about a late (again) FreeBSD release.
Rainer
Rainer Duffner wrote:
Spiro Harvey schrieb:
I've got a couple of cents change here...
While I do think some of the wording of the post that the above post was replying to was a bit mis-chosen, I like to believe it had a positive spin. (In that it didn't want to put blame on anybody)
I *do* agree with the sentiment that people should buy RHEL for stuff they consider critical. Or just change distro if they think they get a better deal elsewhere.
Which is what I normaly do, unless management decides they can get away cheaper and in essence get RHEL + updates for free with CentOS.
The CentOS team certainly doesn't owe me CentOS 5.3 by now - in the same way I can't really complain about a late (again) FreeBSD release.
While I love CentOS, think the team does the best possible job, and appreciate the work they put into undoing the restrictions on redistribution by the upstream distro, I have to wonder if it isn't time to just switch to a base distribution that doesn't impose those restrictions that force the extra work and delays in the first place.
Is there still any reason other than having to learn to type 'apt-get' instead of 'yum' to prefer Centos over Ubuntu? I think for me it is just that I started with RH before they imposed the redistribution restriction nonsense and have been too lazy to change administration styles (and debian's "release-when-it's-ready" schedule wasn't attractive at the time). On a test machine I've noted that Ubuntu worked with the wireless adapter where Centos didn't, Sun Java is included, and the update mechanism seems faster and better suited to caching proxies. But it still feels slightly weird and unfamiliar. Are there reasons to not trust it?
Les Mikesell wrote:
Is there still any reason other than having to learn to type 'apt-get' instead of 'yum' to prefer Centos over Ubuntu? I think for me it is just that I started with RH before they imposed the redistribution restriction nonsense and have been too lazy to change administration styles (and debian's "release-when-it's-ready" schedule wasn't attractive at the time). On a test machine I've noted that Ubuntu worked with the wireless adapter where Centos didn't, Sun Java is included, and the update mechanism seems faster and better suited to caching proxies. But it still feels slightly weird and unfamiliar. Are there reasons to not trust it?
I think it's safe to assume that the majority of CentOS users out there run CentOS on servers, not on desktops/laptops/etc.
I have been using Debian for 11 years(since hamm), and use it on all of my personal desktops. I have used Ubuntu on my laptops. With Debian 5.0 coming out recently I may make my next laptop run that. I haven't had a need to use a laptop on a regular basis in over a year now so my laptops are collecting dust for the most part(still use it for travel when I travel).
I know there are some, but I am not one that uses CentOS(or RHEL) on a desktop system. CentOS/RHEL make great server systems for many types of servers(I prefer debian on my personal gear because of the larger, supported package repositories). My work gear is much larger scale so I put together manually package dependencies and special versions of some packages to distribute across tens or hundreds of systems as-needed. My personal server doesn't need such attention or else I might use CentOS there too.
I have no problem myself in CentOS being weeks/months behind RHEL. I still have legacy systems running RHEL 3 Update 3. And they are not going to get updated, just re-installed from scratch when I have time to get to them.
All of the systems I manage are fairly well protected and generally only have trusted users that interact with them, internet-facing services are entirely 3rd party packages(e.g. java+tomcat), maintained independently of the OS, so security risks are very low. I'm still going through the list of older RHEL 4 Update 4 systems and getting them re-installed with something newer, at this rate maybe another 3-4 months, at which point it may be time to be able to widely deploy CentOS 5. The main reason for going back and updating things isn't because the OS is old it's more because the management and configuration on those older systems is so broken the only way to fix them safely is to re-install.
If you want another distribution, go to another distribution, I can't imagine why CentOS would want to base themselves on Ubuntu when you can already get Ubuntu pretty easily for "free".
CentOS/RHEL have their places they provide a valuable service to the world. As far as I know our F5 load balancers are based on CentOS(they were as of a few years ago, I'm not sure if F5 has changed their distribution since, I suspect not, is based on RHEL-3), and our recently purchased high performance Exanet NAS cluster runs on CentOS 4.4. While my back end storage array from 3PAR runs on Debian.
Not everyone needs the latest & greatest, not everyone needs the most current security updates. Make your own risk assessments based on your environment and use what makes you feel comfortable to sleep at night.
I don't see a need for CentOS to change a thing, hopefully they can get more support if they need it, I try to help as best I can on the list answering other's questions.
nate
nate wrote:
Les Mikesell wrote:
[...]
I think it's safe to assume that the majority of CentOS users out there run CentOS on servers, not on desktops/laptops/etc.
So I'm one from the minority then :-). CentOS 5 is running on (almost) all servers and (really) all Linux clients here. Being used to the "RedHat" way from a former job and not being happy with the fast release cycles of Fedora, CentOS was a logical choice. No more system instabilities and no more package incompatibilities since we switched from Fedora (let's keep fingers crossed). That's what I call "Enterprise grade" :-)
I don't care if the CentOS release comes days or weeks (or months) after the RedHat release as long as it comes one day.
And sincerely: I don't understand, why RedHat/CentOS should not be used on desktops.
Cheers
frank
Frank Thommen wrote:
nate wrote:
Les Mikesell wrote:
[...]
I think it's safe to assume that the majority of CentOS users out there run CentOS on servers, not on desktops/laptops/etc.
So I'm one from the minority then :-). CentOS 5 is running on (almost) all servers and (really) all Linux clients here. Being used to the "RedHat" way from a former job and not being happy with the fast release cycles of Fedora, CentOS was a logical choice. No more system instabilities and no more package incompatibilities since we switched from Fedora (let's keep fingers crossed). That's what I call "Enterprise grade" :-)
Amen! I'm very much hoping that 5.3 will allow me to run CentOS on my laptop so that I can get away from the half-implemented features and "Let's see what last night's update broke!" issues with Fedora. CentOS works just fine on my desktop.
I don't care if the CentOS release comes days or weeks (or months) after the RedHat release as long as it comes one day.
The problem for everyone is that security updates that come along during those "weeks (or months)" either get delayed until the CentOS release comes or else somebody (i.e., an already overworked developer) has to make the extra effort to make the patch work in the current release.
Rob Kampen Neal Development Group
On Mar 27, 2009, at 18:39, Frank Thommen <frank.thommen@embl-heidelberg.de
wrote:
nate wrote:
Les Mikesell wrote:
[...]
I think it's safe to assume that the majority of CentOS users out there run CentOS on servers, not on desktops/laptops/etc.
So I'm one from the minority then :-). CentOS 5 is running on (almost) all servers and (really) all Linux clients here. Being used to the "RedHat" way from a former job and not being happy with the fast release cycles of Fedora, CentOS was a logical choice. No more system instabilities and no more package incompatibilities since we switched from Fedora (let's keep fingers crossed). That's what I call "Enterprise grade" :-)
I don't care if the CentOS release comes days or weeks (or months) after the RedHat release as long as it comes one day.
And sincerely: I don't understand, why RedHat/CentOS should not be used on desktops.
Cheers
frank
I love CentOS. Use it at home, also at my small business. Doing a count I find that I have 5 servers, 2 work stations with dual LCD monitors, and one laptop. The team and supporting repos do a GREAT job, very much appreciated. I am trying to find ways to help, offer the occasional response to requests etc. Keep up the excellent work, this community member thanks you.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Les Mikesell wrote:
While I love CentOS, think the team does the best possible job, and appreciate the work they put into undoing the restrictions on redistribution by the upstream distro, I have to wonder if it isn't time to just switch to a base distribution that doesn't impose those restrictions that force the extra work and delays in the first place.
What restrictions are you talking about exactly?
Personally, I run Centos on my server because it doesn't change too rapidly, and this makes me think it can be trusted not to cause me too much trouble.
I don't mind taking that trouble on my laptops, where I run Fedora-10.
Timothy Murphy wrote:
Les Mikesell wrote:
While I love CentOS, think the team does the best possible job, and appreciate the work they put into undoing the restrictions on redistribution by the upstream distro, I have to wonder if it isn't time to just switch to a base distribution that doesn't impose those restrictions that force the extra work and delays in the first place.
What restrictions are you talking about exactly?
The ones that require the work that the CentOS team does to rebuild/rebrand/repackage before redistribution is permitted. This was not required in the early days when RH developed its community support (up through RH9) and perhaps it would have been wiser to walk away from everything RedHat-related the day they made that change. There just didn't seem to be a suitable alternative until Ubuntu started the long-term support releases.
Les Mikesell wrote:
The ones that require the work that the CentOS team does to rebuild/rebrand/repackage before redistribution is permitted. This was
As a corporation Red Hat HAD to do that, even if IANAL. CentOS as a model works just fine. Sure, sometimes there can be a lack of manpower for something. After all, it is a volunteer project that people run in their spare time!
Of course, the geek in me waits for the next release. It is always waiting for the next release and the next new toy. If I really NEEDED the next release, I would use RHEL.
Come on folks, get a perspective of what we are doing here.
On Fri, Mar 27, 2009 at 12:34:04PM -0500, Les Mikesell wrote:
Rainer Duffner wrote:
Spiro Harvey schrieb:
I've got a couple of cents change here...
While I do think some of the wording of the post that the above post was replying to was a bit mis-chosen, I like to believe it had a positive spin. (In that it didn't want to put blame on anybody)
I *do* agree with the sentiment that people should buy RHEL for stuff they consider critical. Or just change distro if they think they get a better deal elsewhere.
Which is what I normaly do, unless management decides they can get away cheaper and in essence get RHEL + updates for free with CentOS.
The CentOS team certainly doesn't owe me CentOS 5.3 by now - in the same way I can't really complain about a late (again) FreeBSD release.
While I love CentOS, think the team does the best possible job, and appreciate the work they put into undoing the restrictions on redistribution by the upstream distro, I have to wonder if it isn't time to just switch to a base distribution that doesn't impose those restrictions that force the extra work and delays in the first place.
Is there still any reason other than having to learn to type 'apt-get' instead of 'yum' to prefer Centos over Ubuntu? I think for me it is just that I started with RH before they imposed the redistribution restriction nonsense and have been too lazy to change administration styles (and debian's "release-when-it's-ready" schedule wasn't attractive at the time). On a test machine I've noted that Ubuntu worked with the wireless adapter where Centos didn't, Sun Java is included, and the update mechanism seems faster and better suited to caching proxies. But it still feels slightly weird and unfamiliar. Are there reasons to not trust it?
Oh boy. Now we're going in a completely new direction on this thread. :-D
Nothing wrong with changing distros of course, but, at least for me my reasons for staying with RH/Fedora/Cent are mainly that RHEL is still the "corporate" standard and more likely to keep me employed. I'd prefer to stay familiar with the "RH" environment for this reason alone.
As long as RH continues to employ a large chunk of the Linux development community, it will continue to be a major player in the enterprise space. And if not for CentOS someone else would step up and fill the void of a "free" version.
Ray
2009/3/27 Spiro Harvey spiro@knossos.net.nz:
"required"? How do you figure anything is *required* of volunteers? Show me your support contract.
If you're worried that CentOS is "late" or is stopping you from fulfilling your own contractual obligations, perhaps you should stop being a tight-arse and pay for RedHat support.
When you pay nothing, you have no right to expect anything. Unless they're your slaves, and I'm pretty sure that's not the case here.
And as long as CentOS stays a relevant distro the pressure (not only from me) will continue to raise.
This is just rude.
I think you're over-reacting or maybe just misunderstanding what I believe the OP was trying to put across.
Personally, even when I volunteer to do something, I do my best to do a good job of it. If something's worth doing, it's worth doing it right, paid or otherwise. So even on a personal level, there are "requirements" and "pressure". If you are organising a charity event, would you accept a team of helpers who may or not may not show up simply because they are "volunteers"?
Now, I don't think any of us here are demanding the CentOS to meet strict deadlines or some corporate standards of performance here. Nobody's saying the CentOS developers can't take a vacation, can't fall sick, etc.
If you read our posts, most of us are wondering where did the snags occur, how we can help to ease such problems, how we can help prevent these from recurring. These are issues that must be tackled if we want the CentOS project to flourish. Like mbneto said, as things grow, pressure & expectations will increase.
I don't think we want to see the team get frustrated and give up due to these pressures or expectations. One of the best way to deal with expectations/pressure is good communications. It doesn't even matter if the communications is that there are delays due to personal issues. People read it, people understand and nobody bugs the team about what's going on, they will feel less pressured.
Similarly, if there's a way for us as non-development-savvy folks to contribute our resources, it would also help relieve pressure on the team.
All we are trying to achieve with this discussion, I believe, is to identify problem areas, see if we can help out. So as to keep the project "fun" for the developers to continue and not one day burn out because they feel so unsupported, unappreciated and harrassed.
Hello:
Well said!
I tremendously appreciate the effort the development team puts in and am not complaining one bit about how long things take. They take what they take and that is fine by me. Please do not let the negative comments of a few people reflect badly on the majority of people that truly value and appreciate this project.
THANK YOU to everyone involved in CentOS!
Neil
-- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details.
All we are trying to achieve with this discussion, I believe, is to identify problem areas, see if we can help out. So as to keep the project "fun" for the developers to continue and not one day burn out because they feel so unsupported, unappreciated and harrassed.
On Sat, 2009-03-28 at 08:01 -0500, Neil Aggarwal wrote:
Hello:
Well said!
I tremendously appreciate the effort the development team puts in and am not complaining one bit about how long things take. They take what they take and that is fine by me. Please do not let the negative comments of a few people reflect badly on the majority of people that truly value and appreciate this project.
THANK YOU to everyone involved in CentOS!
+1
Just to add to what has been previously been said ...
It's a conundrum for a successful project that starts as a loose-knit consortium of interested folks. At some point, as time passes, real life injects some demands and the informal structure begins to suffer stress, evidenced by longer delays or other symptoms.
As someone mentioned, burn-out becomes possible. The contributors may feel unfairly pressured or even perceive criticisms where none were intended. This is often due to the natural conflict of wanting to do a good job on the project and have a life too.
A great deal of satisfaction can be had when the success leads to a more cohesive and coordinated project that "takes on a life of its own" and the original members realize they have spawned a long-lived project that will continue after they make the choice to exit the project.
For this to be realized, it's usually necessary to have a more formal structure, a transition plan for people to enter and exit the project without cataclysmic shock, and other such "corporate" structures. The big downside to this is the inevitable politics that may rear its ugly head.
As a step to reducing the "pressure" and dissatisfaction of "Are We There Yet?" ("When will xxx be released?"), a simple publication of a projected time line will help. It should be updated as needed. It should understood that this could be another source of "pressure" as a release date nears and folks realize it may be missed.
<*sigh*>
Everything has a downside.
Neil
<snip sig stuff>
On Sun, Mar 29, 2009 at 3:13 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
As a step to reducing the "pressure" and dissatisfaction of "Are We There Yet?" ("When will xxx be released?"), a simple publication of a projected time line will help. It should be updated as needed. It should understood that this could be another source of "pressure" as a release date nears and folks realize it may be missed.
I'll suggest that instead of a timeline, which would be a source of pressure like you said, a weekly progress update would be just fine. Similar to what Karanbir, IIANW, has done on his twitter/blog recently. Maybe something like
"CentOS 5.4 Progress: Completed 2/7 Stages. Stage 3 estimated 5% completed. No progress expected for next two weeks due to XYZ convention"
The main thing is actually the VISIBILITY part. Putting it on CentOS frontpage would cut down a lot of the unnecessary "when/where" questions and leave the developers in peace :)
On Sun, 2009-03-29 at 06:30 +0800, Noob Centos Admin wrote:
On Sun, Mar 29, 2009 at 3:13 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
As a step to reducing the "pressure" and dissatisfaction of "Are We There Yet?" ("When will xxx be released?"), a simple publication of a projected time line will help. It should be updated as needed. It should understood that this could be another source of "pressure" as a release date nears and folks realize it may be missed.
I'll suggest that instead of a timeline, which would be a source of pressure like you said, a weekly progress update would be just fine. Similar to what Karanbir, IIANW, has done on his twitter/blog recently. Maybe something like
"CentOS 5.4 Progress: Completed 2/7 Stages. Stage 3 estimated 5% completed. No progress expected for next two weeks due to XYZ convention"
The main thing is actually the VISIBILITY part. Putting it on CentOS frontpage would cut down a lot of the unnecessary "when/where" questions and leave the developers in peace :)
Excellent! And further relief could be provided by posting it on the announce list periodically. That way any of the folks that wanted to know could subscribe to announce and then woe be it to anyone who posts here asking "When will ... ?". >:-)
I'm *hoping* that would be less effort than other options.
Regardless, any kind of additional visibility would impose some additional load. The Q is do the folks that do the heavy lifting think it's actually worth the effort?
<snip sig stuff>
mbneto wrote:
Hi,
Since the release of CentOS 5.3 is imminent(?) I'd like to ask a question regarding why did it took so long to be released and, more important, suggest some actions in order to reduce this time if I can assume what caused this delay.
Late? I just finished cleaning up my file systems in anticipation that it was probably about ready. Looked at the forum, and saw that it should be here any time now.
So it's not late to me :p
First I'd like to make sure I am not complaining about this delay between the RHEL and CentOS releases per se. I did not help in any way to make it happen faster and usually I don't mind having a three weeks gap between them. But I've noticed that we had two security related kernel updates from RHEL since the RHEL 5.3 release and there is no word on when it will be released or why is it taking so long.
You can buy RHEL you know. You can also get RHEL src.rpm for packages with critical security that impact you and rebuild them.
Most security related updates are not exploitable, as in no known exploit exists. Were there a serious exploit, you undoubtedly would see a patch - last time there was a serious vulnerability (local kernel exploit) there were CentOS users who had patches that could be applied to CentOS src.rpm before RHEL had an official fix.
If there is a serious security issue, you can get help.
I can only assume that this delay is caused by lack of the necessary human resources.
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
Wow, I really must be out of the loop. New versions of RHEL every 4-6 months?
Damn. I left Fedora because their release schedule was too frequent ...
Michael A. Peters wrote:
First I'd like to make sure I am not complaining about this delay between the RHEL and CentOS releases per se. I did not help in any way to make it happen faster and usually I don't mind having a three weeks gap between them. But I've noticed that we had two security related kernel updates from RHEL since the RHEL 5.3 release and there is no word on when it will be released or why is it taking so long.
You can buy RHEL you know. You can also get RHEL src.rpm for packages with critical security that impact you and rebuild them.
Or there is Scientific Linux (https://www.scientificlinux.org/) which has done the 5.3 release.
So, if this is really the case I'd suggest making some sort of campaign to raise money and provide the necessary resources in order to speed things up. If RH maintains the 4-6 month schedule it can happen again in less than three months.
Wow, I really must be out of the loop. New versions of RHEL every 4-6 months?
Damn. I left Fedora because their release schedule was too frequent ...
The Fedora releases change behavior wildly with each release. The point of enterprise versions is that they maintain backwards compatibility even if they add some new features.
Les Mikesell wrote:
Michael A. Peters wrote:
Wow, I really must be out of the loop. New versions of RHEL every 4-6 months?
Damn. I left Fedora because their release schedule was too frequent ...
The Fedora releases change behavior wildly with each release. The point of enterprise versions is that they maintain backwards compatibility even if they add some new features.
Yes, the RHEL releases are akin to the service packs of MS Windows. You'll get some new features and a few changes, but it'll still be the same basic system. Fedora releases are more like moving from Windows XP to Vista, or more precisely, from a reasonably mature Windows XP to a Beta release of Vista.
Robert Nichols wrote:
Les Mikesell wrote:
Michael A. Peters wrote:
Wow, I really must be out of the loop. New versions of RHEL every 4-6 months?
Damn. I left Fedora because their release schedule was too frequent ...
The Fedora releases change behavior wildly with each release. The point of enterprise versions is that they maintain backwards compatibility even if they add some new features.
Yes, the RHEL releases are akin to the service packs of MS Windows. You'll get some new features and a few changes, but it'll still be the same basic system. Fedora releases are more like moving from Windows XP to Vista, or more precisely, from a reasonably mature Windows XP to a Beta release of Vista.
My comment was joke - RHEL releases don't come out every 4-6 months (not for a major version anyway).
I do wish though that EPEL had a better policy, there have been several occasions when I have had had to recompile something of my own for the simple reason that EPEL versioned a shared library.
The Firefox 1.5 to 3.0 move in RHEL was at least understandable, there was good reason for that, but some of the EPEL changes - I think they leave it to the discretion of the packager but it's annoying.
On Sun, Mar 29, 2009 at 12:46:35PM -0700, Michael A. Peters wrote:
The Firefox 1.5 to 3.0 move in RHEL was at least understandable, there was good reason for that, but some of the EPEL changes - I think they leave it to the discretion of the packager but it's annoying.
Unfortunately it's often times not feasible for an EPEL package maintainer to backport security fixes as RH is able to do. We simply don't have the time nor skillset.
Ray
Ray Van Dolson wrote:
On Sun, Mar 29, 2009 at 12:46:35PM -0700, Michael A. Peters wrote:
The Firefox 1.5 to 3.0 move in RHEL was at least understandable, there was good reason for that, but some of the EPEL changes - I think they leave it to the discretion of the packager but it's annoying.
Unfortunately it's often times not feasible for an EPEL package maintainer to backport security fixes as RH is able to do. We simply don't have the time nor skillset.
I really apologize - reading my own post, I sounded like a jerk. I stopped maintaining for Fedora Extras because I just no longer had the time, and I do understand the issue and am grateful that the packages exist so that I don't have to compile as many myself.
It is a little frustrating and annoying, but I do greatly appreciate the contributions of those who contribute even when a shared lib does version.
On Sun, Mar 29, 2009 at 09:56:07PM -0700, Michael A. Peters wrote:
Ray Van Dolson wrote:
On Sun, Mar 29, 2009 at 12:46:35PM -0700, Michael A. Peters wrote:
The Firefox 1.5 to 3.0 move in RHEL was at least understandable, there was good reason for that, but some of the EPEL changes - I think they leave it to the discretion of the packager but it's annoying.
Unfortunately it's often times not feasible for an EPEL package maintainer to backport security fixes as RH is able to do. We simply don't have the time nor skillset.
I really apologize - reading my own post, I sounded like a jerk. I stopped maintaining for Fedora Extras because I just no longer had the time, and I do understand the issue and am grateful that the packages exist so that I don't have to compile as many myself.
It is a little frustrating and annoying, but I do greatly appreciate the contributions of those who contribute even when a shared lib does version.
No worries, didn't think you had a bad tone in your message.. I actually have an EPEL bug open right now. User wants me to upgrade the pymssql package to a newer major release version. I'll probably go ahead and do it since I don't have the skills nor time to backport fixes to the current 0.9 version I maintain......
Fortunately ABI changes _supposedly_ weren't made. :-)
We'll see if I get any follow-up bugs afterwards from angry folk whose apps I broke ;-)
Ray
Michael A. Peters wrote:
Wow, I really must be out of the loop. New versions of RHEL every 4-6 months?
Damn. I left Fedora because their release schedule was too frequent ...
The Fedora releases change behavior wildly with each release. The point of enterprise versions is that they maintain backwards compatibility even if they add some new features.
Yes, the RHEL releases are akin to the service packs of MS Windows. You'll get some new features and a few changes, but it'll still be the same basic system. Fedora releases are more like moving from Windows XP to Vista, or more precisely, from a reasonably mature Windows XP to a Beta release of Vista.
My comment was joke - RHEL releases don't come out every 4-6 months (not for a major version anyway).
I do wish though that EPEL had a better policy, there have been several occasions when I have had had to recompile something of my own for the simple reason that EPEL versioned a shared library.
The Firefox 1.5 to 3.0 move in RHEL was at least understandable, there was good reason for that, but some of the EPEL changes - I think they leave it to the discretion of the packager but it's annoying.
But its still a lot better than nothing if you can grab a src rpm and 'rpmbuild --rebuild' it to get a working version.
Les:
Honest question, not intended to be smart assed in any way:
Why have you not moved to SL since they have released the update before CentOS?
Neil
-- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details.
Or there is Scientific Linux (https://www.scientificlinux.org/) which has done the 5.3 release.
Neil Aggarwal wrote:
Les:
Honest question, not intended to be smart assed in any way:
Why have you not moved to SL since they have released the update before CentOS?
If I liked changing things on a whim, I wouldn't be using enterprise type distributions in the first place. And since this '5.4' discussion is about the future - it's sad but I don't any more faith in the future of research funding than in volunteer efforts.
But philosophically, it just seems wrong that the rebranding work has to be done at all, much less multiple times.
On Sun, Mar 29, 2009 at 10:25:16PM -0500, Les Mikesell wrote:
Neil Aggarwal wrote:
Les:
Honest question, not intended to be smart assed in any way:
Why have you not moved to SL since they have released the update before CentOS?
If I liked changing things on a whim, I wouldn't be using enterprise type distributions in the first place. And since this '5.4' discussion is about the future - it's sad but I don't any more faith in the future of research funding than in volunteer efforts.
But philosophically, it just seems wrong that the rebranding work has to be done at all, much less multiple times.
Maybe so. But a much more difficult problem to overcome, and not one that's likely to change.
RH has $$, and $$ are a target for lawsuits. RH needs to be able to make it clear they are *not* CentOS.
Just the world we live in. Honestly, RH doesn't even have to make it as easy as they do (see SLES).
Ray
Ray Van Dolson wrote:
On Sun, Mar 29, 2009 at 10:25:16PM -0500, Les Mikesell wrote:
Neil Aggarwal wrote:
Les:
Honest question, not intended to be smart assed in any way:
Why have you not moved to SL since they have released the update before CentOS?
If I liked changing things on a whim, I wouldn't be using enterprise type distributions in the first place. And since this '5.4' discussion is about the future - it's sad but I don't any more faith in the future of research funding than in volunteer efforts.
But philosophically, it just seems wrong that the rebranding work has to be done at all, much less multiple times.
Maybe so. But a much more difficult problem to overcome, and not one that's likely to change.
RH has $$, and $$ are a target for lawsuits. RH needs to be able to make it clear they are *not* CentOS.
Just the world we live in. Honestly, RH doesn't even have to make it as easy as they do (see SLES).
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
On Sun, Mar 29, 2009 at 10:56:56PM -0500, Les Mikesell wrote:
Ray Van Dolson wrote:
On Sun, Mar 29, 2009 at 10:25:16PM -0500, Les Mikesell wrote:
Neil Aggarwal wrote:
Les:
Honest question, not intended to be smart assed in any way:
Why have you not moved to SL since they have released the update before CentOS?
If I liked changing things on a whim, I wouldn't be using enterprise type distributions in the first place. And since this '5.4' discussion is about the future - it's sad but I don't any more faith in the future of research funding than in volunteer efforts.
But philosophically, it just seems wrong that the rebranding work has to be done at all, much less multiple times.
Maybe so. But a much more difficult problem to overcome, and not one that's likely to change.
RH has $$, and $$ are a target for lawsuits. RH needs to be able to make it clear they are *not* CentOS.
Just the world we live in. Honestly, RH doesn't even have to make it as easy as they do (see SLES).
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
If it makes sense for your situation, by all means do what's best for you!
I've layed out my reasons for sticking with RH (and Fedora, CentOS):
- RH is *the* corporate standard. We don't interview people looking for Ubuntu skills -- it's always RH. I don't see that changing anytime soon either. - Related to the above: RH employs many of the top Linux development people. If my business needs something fixed, I have confidence (and they past experience) that they will be able to help me. As more of a "feeder" Distro, I don't have this same confidence with Ubuntu although I'm sure they have many talented folk. They rely a lot more on Fedora/Debian to do their development heavy lifting.
So, for me, the RH way is the way that pays the bills. And, while philosophically you may not like their redistribution restrictions, but I certainly like their philosophical approach to contributing back to the community. A huge effort is made by RH to get code upstream so it benefits Fedora, RH, SLES, Ubuntu -- everyone. Not something Ubuntu is known for.
So if you need a more philosophical reason, there's a pretty good one. :)
Just my $0.02. I've always been a proponent of use the best tool for the job however; so if Ubuntu fits your needs better? By all means use it!
Ray
On Sun, 2009-03-29 at 22:56 -0500, Les Mikesell wrote:
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
---- There's nothing inherently wrong with Ubuntu as far as I can tell and yes, some versions do have long term support and you can purchase support from Canonical. But you've been around long enough to know all this so I'm not sure what point you are trying to make because each Linux distribution has its own strengths and weaknesses and that includes RHEL (CentOS) and Ubuntu, etc.
Craig
On Sun, 2009-03-29 at 21:24 -0700, Craig White wrote:
On Sun, 2009-03-29 at 22:56 -0500, Les Mikesell wrote:
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
There's nothing inherently wrong with Ubuntu as far as I can tell and yes, some versions do have long term support and you can purchase support from Canonical. But you've been around long enough to know all this so I'm not sure what point you are trying to make because each Linux distribution has its own strengths and weaknesses and that includes RHEL (CentOS) and Ubuntu, etc.
Craig
This is just my 2 cents worth. The reason I run Cent OS is because it just seems to be rock solid stable. That's something I haven't seen in any of the other distros, or MS Windows. My computers are my lifeline to my jobs. I get my assignments by way of my computer, and I report my completed assignments on my computer. It's bad enough to have to deal with hardware failures from time to time, so the last thing I want to deal with on top of that is a finicky OS or software. I run Cent OS on both of my laptops, and all three of my desktops, and I can power any one of those machines up, and so far Cent OS has never failed me. Cent OS just works. That's what matters to me.
Just my 2 cents
Jim
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Jimmy Bradley wrote:
This is just my 2 cents worth. The reason I run Cent OS isbecause it just seems to be rock solid stable. That's something I haven't seen in any of the other distros, or MS Windows. My computers are my lifeline to my jobs. I get my assignments by way of my computer, and I report my completed assignments on my computer. It's bad enough to have to deal with hardware failures from time to time, so the last thing I want to deal with on top of that is a finicky OS or software. I run Cent OS on both of my laptops, and all three of my desktops, and I can power any one of those machines up, and so far Cent OS has never failed me. Cent OS just works. That's what matters to me.
Just my 2 cents
That's very much the mindset of many CentOS users.
Florin Andrei wrote:
Jimmy Bradley wrote:
This is just my 2 cents worth. The reason I run Cent OS isbecause it just seems to be rock solid stable. That's something I haven't seen in any of the other distros, or MS Windows. My computers are my lifeline to my jobs. I get my assignments by way of my computer, and I report my completed assignments on my computer. It's bad enough to have to deal with hardware failures from time to time, so the last thing I want to deal with on top of that is a finicky OS or software. I run Cent OS on both of my laptops, and all three of my desktops, and I can power any one of those machines up, and so far Cent OS has never failed me. Cent OS just works. That's what matters to me.
Just my 2 centsThat's very much the mindset of many CentOS users.
Yes, there are not too many surprises with CentOS. However, debian has also had a very good reputation for stability - and Ubuntu builds on that while also providing timely releases.
Yes, there are not too many surprises with CentOS. However, debian has also had a very good reputation for stability - and Ubuntu builds on that while also providing timely releases.
Please do not subscribe to the notion that ubuntu builds on Debian stability.
Ubuntu has had releases with certain key tools broken such as the GNOME Network configuration tool.
Christopher Chan wrote:
Yes, there are not too many surprises with CentOS. However, debian has also had a very good reputation for stability - and Ubuntu builds on that while also providing timely releases.
Please do not subscribe to the notion that ubuntu builds on Debian stability.
Debian stability comes from never changing anything, so obviously not...
Ubuntu has had releases with certain key tools broken such as the GNOME Network configuration tool.
Has that been the case in the LTS release?
Les Mikesell wrote:
Christopher Chan wrote:
Yes, there are not too many surprises with CentOS. However, debian has also had a very good reputation for stability - and Ubuntu builds on that while also providing timely releases.
Please do not subscribe to the notion that ubuntu builds on Debian stability.
Debian stability comes from never changing anything, so obviously not...
Heh.
Ubuntu has had releases with certain key tools broken such as the GNOME Network configuration tool.
Has that been the case in the LTS release?
I believe Hardy had some problems. I never bothered with the GUI tools with my Hardy installations so I do not know about Networkmanager but I did see a lot of sound complaints with Hardy whereas the previous release 7.xx had no problems.
Another issue with GNOME i never bothered to check since I needed a KDE desktop with group policies thanks to kiosktool.
On Wed, 2009-04-01 at 08:43 +0800, Christopher Chan wrote:
Yes, there are not too many surprises with CentOS. However, debian has also had a very good reputation for stability - and Ubuntu builds on that while also providing timely releases.
Please do not subscribe to the notion that ubuntu builds on Debian stability.
---- you must mean because they build on the unstable branch. ----
Ubuntu has had releases with certain key tools broken such as the GNOME Network configuration tool.
---- that I believe is an upstream issue that affects all distributions who have updated GNOME.
Ubuntu is fine - if that gives Les what he's looking for, then I say, great. What's the point of this ongoing discussion anyway?
Craig
Ubuntu has had releases with certain key tools broken such as the GNOME Network configuration tool.
that I believe is an upstream issue that affects all distributions who have updated GNOME.
Yeah, you are most probably right. I remember being told there was no maintainer for the tool in question. So it just got bundled along in the packaging. Great way to do a release.
Ubuntu is fine - if that gives Les what he's looking for, then I say, great. What's the point of this ongoing discussion anyway?
It looked like Les was exploring the idea of trying something else and I have been through that and I thought I'd share some of the issues you get when you do that if you do not mind.
On Wed, 2009-04-01 at 09:27 +0800, Christopher Chan wrote:
Ubuntu is fine - if that gives Les what he's looking for, then I say, great. What's the point of this ongoing discussion anyway?
It looked like Les was exploring the idea of trying something else and I have been through that and I thought I'd share some of the issues you get when you do that if you do not mind.
---- Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie. What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
Craig
On Mar 31, 2009, at 9:51 PM, Craig White craigwhite@azapple.com wrote:
On Wed, 2009-04-01 at 09:27 +0800, Christopher Chan wrote:
Ubuntu is fine - if that gives Les what he's looking for, then I say, great. What's the point of this ongoing discussion anyway?
It looked like Les was exploring the idea of trying something else and I have been through that and I thought I'd share some of the issues you get when you do that if you do not mind.
Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie. What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
Hey Les, maybe it's OpenSolaris your looking for.
You should try it before it becomes OpenAIX.
-Ross
Ross Walker wrote:
Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie.
Ubuntu has both fast turnover versions like fedora and LTS (long term support) versions with an enterprise flavor.
What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
I don't believe I've ever mentioned codecs specifically, but I don't want any restrictions on what I or someone else can add, even if it involves drivers or linking to other components. And I do believe Red Hat has done enormous harm to java by shipping something that wasn't java and basically wouldn't work for years in both the fedora and RH distributions.
Hey Les, maybe it's OpenSolaris your looking for.
OpenSolaris still seems a little sort on drivers, but yes, I think OpenSolaris with a package manger and a large repository of packages maintained by a friendly community would be ideal. That looks like where Nexenta is heading, but slowly.
You should try it before it becomes OpenAIX.
I always thought Sun would be a better match for Apple to round out the client/server mix, but they are from somewhat different planets. Is OpenSolaris still closely controlled by Sun?
On Mar 31, 2009, at 10:41 PM, Les Mikesell lesmikesell@gmail.com wrote:
I always thought Sun would be a better match for Apple to round out the client/server mix, but they are from somewhat different planets. Is OpenSolaris still closely controlled by Sun?
You know I felt the exact same way. I just don't see IBM and Sun cultures mixing, but I guess we'll see.
I don't know if Sun still governs OpenSolaris, I know they are very tight as often new technologies are rolled from OpenSolaris to Solaris, but OpenSolaris might have it's own governing body now.
-Ross
Is OpenSolaris still closely controlled by Sun?
I don't know if Sun still governs OpenSolaris, I know they are very tight as often new technologies are rolled from OpenSolaris to Solaris, but OpenSolaris might have it's own governing body now.
Ha! There are very few non Sun employees involved unless things have changed big time in the last three months.
OpenSolaris is now something you can get paid support for from Sun. There will be a LTS release coming too. I don't think OpenSolaris will go the way Java has gone any time soon. Look how long it took for Java to reach that stage.
On 01/04/2009, Christopher Chan christopher.chan@bradbury.edu.hk wrote:
Is OpenSolaris still closely controlled by Sun?
I don't know if Sun still governs OpenSolaris, I know they are very tight as often new technologies are rolled from OpenSolaris to Solaris, but OpenSolaris might have it's own governing body now.
Ha! There are very few non Sun employees involved unless things have changed big time in the last three months.
OpenSolaris is now something you can get paid support for from Sun. There will be a LTS release coming too. I don't think OpenSolaris will go the way Java has gone any time soon. Look how long it took for Java to reach that stage.
OT but with OpenSolaris 2008.11 the repo got split into release and dev allowing for a degree of stability if you wish it. The contrib repo is getting underway as well, but the big debate at present is about making sure that OpenSolaris exists even if sun is bought by someon else. - replacing sun specific code with GPL stuff, yadda
We use opensolaris specifically for iscsi using zfs to provide targets for our CentOS servers and desktops/laptops. Mainly because zfs is real nice but CentOS Works™ everytime i login. :-)
Big thanks to the devs for their work as ever, if we ever make any ca$h CentOS will be first in line for donations.
mike
On Tue, Mar 31, 2009, Craig White wrote:
On Wed, 2009-04-01 at 09:27 +0800, Christopher Chan wrote:
Ubuntu is fine - if that gives Les what he's looking for, then I say, great. What's the point of this ongoing discussion anyway?
It looked like Les was exploring the idea of trying something else and I have been through that and I thought I'd share some of the issues you get when you do that if you do not mind.
Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie. What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
Mac OS X?
Bill
Bill Campbell wrote:
Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie. What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
Mac OS X?
Actually that's what I run at home but it's not a great server and Apple gives you plenty of reasons to hate them too.
On Tue, Mar 31, 2009 at 10:01:29PM -0500, Les Mikesell wrote:
Bill Campbell wrote:
Les has been around a long time and certainly is knowledgeable about many forms of UNIX, Linux, Windows and OS X. He seems to enjoy fomenting discussions about what it is that Red Hat does in general that doesn't suit him but given CentOS philosophy to track upstream as closely as possible, there is no possibility that it will the distribution that will totally satisfy his wants.
I see Ubuntu doing much the same things as Fedora and that probably won't be as much of a change as he had hoped but c'est la vie. What he actually wants is a distribution that flips the middle finger to all GPL & Free License restrictions, comes with proprietary video drivers, codecs, Sun Java, Adobe stuff, with the latest versions of most everything but is stable. I hope that he finds it.
Mac OS X?
Actually that's what I run at home but it's not a great server and Apple gives you plenty of reasons to hate them too.
Les,
this is now completely off topic...
Tru
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
Functional deficiencies here we come:
1) No equivalent to kickstart: By that I mean, zero support for automated lvm on raid kind of disk partitioning in the debian-installer
2) No equivalent to 'rpm -Va' or any 'rpm -V'. No checksumming done on packages and their contents.
.... .... hmm....
the rest are all learn how to add automatic iptables on boot sort of stuff I guess.
If you move to ubuntu, be prepared for a lot more than just apt-get / apt-cache. There is no inittab. You do get to use 'service whatever start/stop' though from Intrepid onwards I believe. There is no root account by default. You must be prepared for a very different way to the Redhat way of doing things.
Christopher - who did the leap from Centos to Ubuntu and is now stuck in the Windows quagmire.
On Mon, Mar 30, 2009 at 01:17:03PM +0800, Christopher Chan wrote:
So what would be the down side to just walking away from everything RH-related now that Ubuntu has a free alternative with long term support? I thought perhaps when I mentioned it earlier there would be a flurry of responses pointing out functional deficiencies but so far there have been none. I would never have started using RH in the early days if it had not been freely redistributable. Now the clones are better than nothing, but it still seems wrong.
Functional deficiencies here we come:
- No equivalent to kickstart: By that I mean, zero support for automated lvm on raid kind of disk
partitioning in the debian-installer
This is a huge issue with SLES. AutoYaST makes me very angry. :-) I can generalize my kickstart files to automate *some* parts of an install, but leave things, say partitioning, to install time and it'll prompt the installer for how they want to set things up.
No way to do that with AutoYaST.. it's either all or nothing. :(
- No equivalent to 'rpm -Va' or any 'rpm -V'. No checksumming done on
packages and their contents.
.... .... hmm....
the rest are all learn how to add automatic iptables on boot sort of stuff I guess.
If you move to ubuntu, be prepared for a lot more than just apt-get / apt-cache. There is no inittab. You do get to use 'service whatever start/stop' though from Intrepid onwards I believe. There is no root account by default. You must be prepared for a very different way to the Redhat way of doing things.
Didn't Ubuntu switch to something like Solaris' SMF? I actually like SMF quite a bit and I imagine RHEL/Fedora will move in this direction eventually....
Christopher - who did the leap from Centos to Ubuntu and is now stuck in the Windows quagmire.
And if you had to do it over again would you stick with Cent? :)
Ray
Functional deficiencies here we come:
- No equivalent to kickstart: By that I mean, zero support for automated lvm on raid kind of disk
partitioning in the debian-installer
This is a huge issue with SLES. AutoYaST makes me very angry. :-) I can generalize my kickstart files to automate *some* parts of an install, but leave things, say partitioning, to install time and it'll prompt the installer for how they want to set things up.
No way to do that with AutoYaST.. it's either all or nothing. :(
Heh, that cuts Suse out of the race too then. Although I wonder if fai will get around the debian-installer deficiency...
- No equivalent to 'rpm -Va' or any 'rpm -V'. No checksumming done on
packages and their contents.
.... .... hmm....
the rest are all learn how to add automatic iptables on boot sort of stuff I guess.
If you move to ubuntu, be prepared for a lot more than just apt-get / apt-cache. There is no inittab. You do get to use 'service whatever start/stop' though from Intrepid onwards I believe. There is no root account by default. You must be prepared for a very different way to the Redhat way of doing things.
Didn't Ubuntu switch to something like Solaris' SMF? I actually like SMF quite a bit and I imagine RHEL/Fedora will move in this direction eventually....
Yes. Something like that I suppose. I have not had an opportunity to dig into the details of what they use now. I also like SMF...except for its awfully detailed xml files.
Christopher - who did the leap from Centos to Ubuntu and is now stuck in the Windows quagmire.
And if you had to do it over again would you stick with Cent? :)
I cannot stick with Cent. The jump was for desktops. I had Centos 5 on them originally...if we could have not have any Windows compatibility then I would still have to jump to get ActivInspire support from Promethean. Then there is the get automation in installing Nvidia/ATI binary drivers...
Too bad the Ubuntu and the Debian chums did not see a need to fully automate installations on hundreds of desktops. I have finally got the ear of an Ubuntu developer so maybe things will change. But that will still leave the checksum on package contents left to deal with.
Centos (who cares about RHEL) needs a bit more extra work to make it more useful for desktops. I had to build me own kiosktool rpm for example.
Centos (who cares about RHEL) needs a bit more extra work to make it more useful for desktops. I had to build me own kiosktool rpm for example.
Ahh, yes. RH has pretty much said they're not interested in the desktop market. Until that changes either Fedora or Ubuntu it is. I'd pick Ubuntu too probably. Just "works" outta the box with a lot more things your average desktop user demands.
Disclaimer: I use Fedora on all my desktops. ;)
Ray
Ray Van Dolson wrote:
Centos (who cares about RHEL) needs a bit more extra work to make it more useful for desktops. I had to build me own kiosktool rpm for example.
Ahh, yes. RH has pretty much said they're not interested in the desktop market. Until that changes either Fedora or Ubuntu it is. I'd pick Ubuntu too probably. Just "works" outta the box with a lot more things your average desktop user demands.
Disclaimer: I use Fedora on all my desktops. ;)
I guess you are not hot on installing binary drivers for Nvidia/ATI cards. IIRC, there is no automatic handling of these in Fedora right?
Have you got Intel graphics?
On Mon, Mar 30, 2009 at 01:50:26PM +0800, Christopher Chan wrote:
Ray Van Dolson wrote:
Centos (who cares about RHEL) needs a bit more extra work to make it more useful for desktops. I had to build me own kiosktool rpm for example.
Ahh, yes. RH has pretty much said they're not interested in the desktop market. Until that changes either Fedora or Ubuntu it is. I'd pick Ubuntu too probably. Just "works" outta the box with a lot more things your average desktop user demands.
Disclaimer: I use Fedora on all my desktops. ;)
I guess you are not hot on installing binary drivers for Nvidia/ATI cards. IIRC, there is no automatic handling of these in Fedora right?
Have you got Intel graphics?
I make heavy use of the rpmfusion repo's for both nvidia drivers as well as other "non-free" components that Fedora won't include. :)
Ray
Ray Van Dolson wrote:
Functional deficiencies here we come:
- No equivalent to kickstart: By that I mean, zero support for automated lvm on raid kind of disk
partitioning in the debian-installer
This is a huge issue with SLES. AutoYaST makes me very angry. :-) I can generalize my kickstart files to automate *some* parts of an install, but leave things, say partitioning, to install time and it'll prompt the installer for how they want to set things up.
No way to do that with AutoYaST.. it's either all or nothing. :(
I like clonezilla because it is fairly agnostic about the OS it is cloning. It even handles windows nicely, although the hardware has to be fairly similar. And it doesn't care if you packaged everything or just hand-installed and configured the master image.
Didn't Ubuntu switch to something like Solaris' SMF? I actually like SMF quite a bit and I imagine RHEL/Fedora will move in this direction eventually....
Speaking of Solaris - are any of projects like Nexenta usable yet (distributions with the OpenSolaris kernel and the same user userland as Ubuntu or other current distro)? If I have to learn a new set of admin commands, maybe I should at least get zfs in return.
Didn't Ubuntu switch to something like Solaris' SMF? I actually like SMF quite a bit and I imagine RHEL/Fedora will move in this direction eventually....
Speaking of Solaris - are any of projects like Nexenta usable yet (distributions with the OpenSolaris kernel and the same user userland as Ubuntu or other current distro)? If I have to learn a new set of admin commands, maybe I should at least get zfs in return.
I don't know the state of Nexenta but I can live with Indiana. As a desktop, it was nice to get Nvidia drivers bundled, a working thunderbird + lightning plugin enabled, working sound (can I repeat that?), pidgin, openoffice (needless to say), sunstudioexpress, gcc, printer support, nice crisp looking fonts, compiz if that is your things and later xchat, ekiga...but no mplayer/vlc (not initially anyway...have to check with latest), no KDE (although there are packages outside the repo available), had to download a mp3 plugin for gstream, and learn a whole load of Solaris stuff unless you use dhcp.
zfs snapshots are nice, a boot environment system coupled with zfs that allows roll backs between upgrades, installations of software, alternate boot environments for testing and a whole lot more all available with just a few commands or even just one command...
You get more than just zfs in return...integrated iscsi/nfs/smb sharing, nfs4 acls, and also a real cold elitist crowd.
Either way, it is worth looking at nexenta too. I had this thing for Sun cc compiled asterisk so I dropped nexenta and moved to Solaris Express and later Indiana.
No flar or instantly install on thousands of servers support for Indiana though. For some things, RHEL just stands on top. Maybe I should give Fedora a try once again.
On Mon, Mar 30, 2009 at 09:54:10PM +0800, Chan Chung Hang Christopher wrote:
Didn't Ubuntu switch to something like Solaris' SMF? I actually like SMF quite a bit and I imagine RHEL/Fedora will move in this direction eventually....
Speaking of Solaris - are any of projects like Nexenta usable yet (distributions with the OpenSolaris kernel and the same user userland as Ubuntu or other current distro)? If I have to learn a new set of admin commands, maybe I should at least get zfs in return.
I don't know the state of Nexenta but I can live with Indiana. As a desktop, it was nice to get Nvidia drivers bundled, a working thunderbird + lightning plugin enabled, working sound (can I repeat that?), pidgin, openoffice (needless to say), sunstudioexpress, gcc, printer support, nice crisp looking fonts, compiz if that is your things and later xchat, ekiga...but no mplayer/vlc (not initially anyway...have to check with latest), no KDE (although there are packages outside the repo available), had to download a mp3 plugin for gstream, and learn a whole load of Solaris stuff unless you use dhcp.
zfs snapshots are nice, a boot environment system coupled with zfs that allows roll backs between upgrades, installations of software, alternate boot environments for testing and a whole lot more all available with just a few commands or even just one command...
You get more than just zfs in return...integrated iscsi/nfs/smb sharing, nfs4 acls, and also a real cold elitist crowd.
Either way, it is worth looking at nexenta too. I had this thing for Sun cc compiled asterisk so I dropped nexenta and moved to Solaris Express and later Indiana.
No flar or instantly install on thousands of servers support for Indiana though. For some things, RHEL just stands on top. Maybe I should give Fedora a try once again.
We've tried to use Solaris 10 x86 and/or OpenSolaris a number of times at work for projects with various whiteboxes. Unfortunately we hadn't planned ahead real well (the boxes were assembled with other things in mind) and usually the SATA RAID controllers weren't supported. That's been my biggest annoyance. :) Other than that, no real issue with Solaris other than it's also rather annoying to set up over the network. I just want to be able to PXE boot into the installer and point to a remote tree where the OS Is and GO! Seems I have to do the whole JumpStart add_install_client junk though... grr.
Fedora 11 Alpha/Beta is nice though. I like btrfs so far. It has a long way to go but looks real promising as a potential alternative to ZFS. I really hope they add block level data deduplication at some point....
Ray
Chan Chung Hang Christopher wrote:
I don't know the state of Nexenta but I can live with Indiana. As a desktop, it was nice to get Nvidia drivers bundled, a working thunderbird + lightning plugin enabled, working sound (can I repeat that?), pidgin, openoffice (needless to say), sunstudioexpress, gcc, printer support, nice crisp looking fonts, compiz if that is your things and later xchat, ekiga...but no mplayer/vlc (not initially anyway...have to check with latest), no KDE (although there are packages outside the repo available), had to download a mp3 plugin for gstream, and learn a whole load of Solaris stuff unless you use dhcp.
I used Solaris eons ago, back when it was expensive and buggy - and I really hate to pay for bugfixes. So, when the cost of a new pentium box with (at the time) freely redistributable RH linux was less than the Solaris update required to fix some things, I switched. But circumstances have changed drastically on both sides now and it may be time to switch back for exactly the same reason.
Either way, it is worth looking at nexenta too. I had this thing for Sun cc compiled asterisk so I dropped nexenta and moved to Solaris Express and later Indiana.
Nexenta seems like such a good idea, but the team's main focus appears to be on their commercial storage appliance.
No flar or instantly install on thousands of servers support for Indiana though. For some things, RHEL just stands on top. Maybe I should give Fedora a try once again.
Is there an equivalent to clonezilla that will work with zfs? I'm not particularly thrilled with distro/version specific schemes anyway.
On Mar 30, 2009, at 11:58 AM, Les Mikesell lesmikesell@gmail.com wrote:
Chan Chung Hang Christopher wrote:
I don't know the state of Nexenta but I can live with Indiana. As a desktop, it was nice to get Nvidia drivers bundled, a working thunderbird + lightning plugin enabled, working sound (can I repeat that?), pidgin, openoffice (needless to say), sunstudioexpress, gcc, printer support, nice crisp looking fonts, compiz if that is your things and later xchat, ekiga...but no mplayer/vlc (not initially anyway...have to check with latest), no KDE (although there are packages outside the repo available), had to download a mp3 plugin for gstream, and learn a whole load of Solaris stuff unless you use dhcp.
I used Solaris eons ago, back when it was expensive and buggy - and I really hate to pay for bugfixes. So, when the cost of a new pentium box with (at the time) freely redistributable RH linux was less than the Solaris update required to fix some things, I switched. But circumstances have changed drastically on both sides now and it may be time to switch back for exactly the same reason.
Either way, it is worth looking at nexenta too. I had this thing for Sun cc compiled asterisk so I dropped nexenta and moved to Solaris Express and later Indiana.
Nexenta seems like such a good idea, but the team's main focus appears to be on their commercial storage appliance.
No flar or instantly install on thousands of servers support for Indiana though. For some things, RHEL just stands on top. Maybe I should give Fedora a try once again.
Is there an equivalent to clonezilla that will work with zfs? I'm not particularly thrilled with distro/version specific schemes anyway.
I would love something like Nexenta, but with a CentOS userland.
Imagine an unencumbered kernel with the stability of CentOS userland tools.
You get ZFS/ARC, dtrace, smf, fma, plus the Solaris IP stack which is quite robust, with all the command line tools you are use to.
Think SELinux could be ported to the Solaris kernel?
-Ross
Am 31.03.2009 um 01:12 schrieb Ross Walker:
I would love something like Nexenta, but with a CentOS userland.
What exactly are you missing from Solaris userland that does exist in Linux, BTW? Maybe except for all the horrible cat some_arcane_value > /proc/foo or /sys/baz to coax the kernel into doing something. But I'm not missing that.
And I'm not missing Nexenta. Last time I looked, the "free" version did almost nothing compared to the commercial version. Which is no surprise, really, and brings us back to square one....
Imagine an unencumbered kernel with the stability of CentOS userland tools.
You get ZFS/ARC, dtrace, smf, fma, plus the Solaris IP stack which is quite robust, with all the command line tools you are use to.
Think SELinux could be ported to the Solaris kernel?
Hm. Seems like this is happening, more or less: http://www.press.redhat.com/2008/04/09/red-hat-welcomes-opensolaris-and-ubun...
I'm sometimes amused how people want "this" with "that", though.
Don't you people sometimes think that Linux is the way it is exactly because of too many people thinking that way and actually getting what they wanted? Linux is everything and the kitchen sink (in terms of features), but few are completely implemented or actually wrapped into an API/ userland tools. Everything is constantly in flux, most stuff get's thrown over every other year (except for the places that would really need it, seemingly) and hardly anybody documents (try to find a man- page for a hw-driver...) Now, they're chasing ZFS with this butter-fs crap. Hello? How about allowing growing partitions without using LVM first? Sure, btrfs will solve all the problems, really - but while it matures, it will introduce lot's of others that you only get to know about once you want to use it...
Don't get me wrong - some things in Linux actually work quite well and it's quick to get up- and running (once you run a cobbler server) - but I know its limits and I don't try to push it beyond those. I use Solaris or FreeBSD when they fit the bill (which is also not always the case). But I don't think a system that does all and everything these three do individually would actually be better or a joy to use...
"Less is more"
Rainer
On Tue, Mar 31, 2009 at 01:42:48AM +0200, Rainer Duffner wrote:
Am 31.03.2009 um 01:12 schrieb Ross Walker:
I would love something like Nexenta, but with a CentOS userland.
What exactly are you missing from Solaris userland that does exist in Linux, BTW? Maybe except for all the horrible cat some_arcane_value > /proc/foo or /sys/baz to coax the kernel into doing something. But I'm not missing that.
And I'm not missing Nexenta. Last time I looked, the "free" version did almost nothing compared to the commercial version. Which is no surprise, really, and brings us back to square one....
Imagine an unencumbered kernel with the stability of CentOS userland tools.
You get ZFS/ARC, dtrace, smf, fma, plus the Solaris IP stack which is quite robust, with all the command line tools you are use to.
Think SELinux could be ported to the Solaris kernel?
Hm. Seems like this is happening, more or less: http://www.press.redhat.com/2008/04/09/red-hat-welcomes-opensolaris-and-ubun...
I'm sometimes amused how people want "this" with "that", though.
Don't you people sometimes think that Linux is the way it is exactly because of too many people thinking that way and actually getting what they wanted? Linux is everything and the kitchen sink (in terms of features), but few are completely implemented or actually wrapped into an API/ userland tools. Everything is constantly in flux, most stuff get's thrown over every other year (except for the places that would really need it, seemingly) and hardly anybody documents (try to find a man- page for a hw-driver...) Now, they're chasing ZFS with this butter-fs crap. Hello? How about allowing growing partitions without using LVM first? Sure, btrfs will solve all the problems, really - but while it matures, it will introduce lot's of others that you only get to know about once you want to use it...
Don't get me wrong - some things in Linux actually work quite well and it's quick to get up- and running (once you run a cobbler server) - but I know its limits and I don't try to push it beyond those. I use Solaris or FreeBSD when they fit the bill (which is also not always the case). But I don't think a system that does all and everything these three do individually would actually be better or a joy to use...
"Less is more"
Hey, I for one am glad for the competition ZFS' entrance to the market has provided. btrfs is a ways off from being a serious competitor, but it *will* get there.
The whole "do it all" with the filesystem for me is.. meh. I don't mind using LVM in tandem with it. Whichever way they decide to go will be fine with me.
I really like a lot of things about Solaris. I dislike a lot of things about it too.. namely, automated installs are annoying (even with JumpStart), and rpm+yum is far superior from a user standpoint than Sun's package -> patchid + 8000 different patch management tools. pca is the closest thing out there to a simple way to see what should be applied to your system, but just not quite the same.
Ray
I really like a lot of things about Solaris. I dislike a lot of things about it too.. namely, automated installs are annoying (even with JumpStart), and rpm+yum is far superior from a user standpoint than Sun's package -> patchid + 8000 different patch management tools. pca is the closest thing out there to a simple way to see what should be applied to your system, but just not quite the same.
the new IPS package manager is okay. Doing image-updates has reasonably worked well too.
On Tue, Mar 31, 2009 at 08:13:51AM +0800, Christopher Chan wrote:
I really like a lot of things about Solaris. I dislike a lot of things about it too.. namely, automated installs are annoying (even with JumpStart), and rpm+yum is far superior from a user standpoint than Sun's package -> patchid + 8000 different patch management tools. pca is the closest thing out there to a simple way to see what should be applied to your system, but just not quite the same.
the new IPS package manager is okay. Doing image-updates has reasonably worked well too.
Haven't tried this at all... if it's "free"[1] I will. If it's a large extra cost, I'll stick with PCA :-)
Also, do to the nature of many of the Solaris patches (which require reboots), the LiveUpgrade feature has been a life-saver. Not as necessary in the Linux world, but at least now I can patch my production servers more easily without scheduling a couple hour sof downtime. :)
Ray
On Mon, Mar 30, 2009 at 05:21:43PM -0700, Ray Van Dolson wrote:
On Tue, Mar 31, 2009 at 08:13:51AM +0800, Christopher Chan wrote:
I really like a lot of things about Solaris. I dislike a lot of things about it too.. namely, automated installs are annoying (even with JumpStart), and rpm+yum is far superior from a user standpoint than Sun's package -> patchid + 8000 different patch management tools. pca is the closest thing out there to a simple way to see what should be applied to your system, but just not quite the same.
the new IPS package manager is okay. Doing image-updates has reasonably worked well too.
Haven't tried this at all... if it's "free"[1] I will. If it's a large extra cost, I'll stick with PCA :-)
Also, do to the nature of many of the Solaris patches (which require reboots), the LiveUpgrade feature has been a life-saver. Not as necessary in the Linux world, but at least now I can patch my production servers more easily without scheduling a couple hour sof downtime. :)
Forgot...
[1] "Free" as in included with the already large sum of money we pay Sun. :)
the new IPS package manager is okay. Doing image-updates has reasonably worked well too.
Haven't tried this at all... if it's "free"[1] I will. If it's a large extra cost, I'll stick with PCA :-)
Also, do to the nature of many of the Solaris patches (which require reboots), the LiveUpgrade feature has been a life-saver. Not as necessary in the Linux world, but at least now I can patch my production servers more easily without scheduling a couple hour sof downtime. :)
IPS is only available on OpenSolaris. I don't know if your support contract includes OpenSolaris...and then again, you probably don't want to use what many sun admins call a steaming pile of beta crap.
Rainer Duffner wrote:
I would love something like Nexenta, but with a CentOS userland.
What exactly are you missing from Solaris userland that does exist in Linux, BTW?
A package manager that can grab many thousands of packages with their dependencies and keep them up to date. And a large, friendly community maintaining those packages.
Maybe except for all the horrible cat some_arcane_value > /proc/foo or /sys/baz to coax the kernel into doing something. But I'm not missing that.
And I'm not missing Nexenta. Last time I looked, the "free" version did almost nothing compared to the commercial version. Which is no surprise, really, and brings us back to square one....
They are supposed to have most of the ubuntu/debian packages available for installation. The last time I tried to install it the big problem was the lack of AIC 7899 support and the SATA driver for the other machine I would have used. But that's an OpenSolaris problem, not really Nexenta's.
Linux is everything and the kitchen sink (in terms of features), but few are completely implemented or actually wrapped into an API/ userland tools. Everything is constantly in flux, most stuff get's thrown over every other year (except for the places that would really need it, seemingly) and hardly anybody documents (try to find a man- page for a hw-driver...)
A driver without a man page is more useful than no driver at all...
On Mon, 2009-03-30 at 20:29 -0500, Les Mikesell wrote:
Rainer Duffner wrote:
<snip> > need it, seemingly) and hardly anybody documents (try to find a man- > page for a hw-driver...)
A driver without a man page is more useful than no driver at all...
And a lot more exciting and dangerous too.
this getting ready for centos 5.4 thread...
i am not following it... yet...
did we time warp and lose 5.3, being trashcanned and now waiting on 5.4?
microsoft didnt buy out the centos faithful did they?
;->
- rh
RobertH wrote:
this getting ready for centos 5.4 thread...
i am not following it... yet...
did we time warp and lose 5.3, being trashcanned and now waiting on 5.4?
microsoft didnt buy out the centos faithful did they?
;->
I'm tired of waiting for 5.4 and moved on to waiting for Centos 5.5 :-)
on 3-31-2009 8:34 AM Toby Bluhm spake the following:
RobertH wrote:
this getting ready for centos 5.4 thread...
i am not following it... yet...
did we time warp and lose 5.3, being trashcanned and now waiting on 5.4?
microsoft didnt buy out the centos faithful did they?
;->
I'm tired of waiting for 5.4 and moved on to waiting for Centos 5.5 :-)
Is it time for CentOS 6 yet? ;-P
Ducking now.... This was a joke for those who don't speak smiley!!!
If you read any of the previous 90 messages, you'd know that they are talking about ways to plan for the *future* release of 5.4 and is asking how the community can help to try to prevent the delays that have happened with 5.3.
On Tue, Mar 31, 2009 at 11:18 AM, RobertH roberth@abbacomm.net wrote:
this getting ready for centos 5.4 thread...
i am not following it... yet...
did we time warp and lose 5.3, being trashcanned and now waiting on 5.4?
microsoft didnt buy out the centos faithful did they?
;->
- rh
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Brian Mathis wrote: Sent: Tuesday, March 31, 2009
If you read any of the previous 90 messages, you'd know that they are talking about ways to plan for the *future* release of 5.4 and is asking how the community can help to try to prevent the delays that have happened with 5.3.
brian..... hmmmmm, i see.
read a few. wasnt able to discern in a few.
having been on the list like forever, i know better than to whine for an update so i have just been patiently waiting knowing it would be ready when it is ready.
bottom line is i dont want to read 90 messages to figure it out, especially when AFAIK centos 5.3 wasnt even released yet...
- rh
Christopher Chan wrote:
start/stop' though from Intrepid onwards I believe. There is no root account by default.
There is a root account, you just can't access it w/o setting it's password.
And as soon as you do set it's password, I highly recommend you then completely disable and lock down the very insecure sudo defaults.
The way OS X / ubuntu / etc configure sudo is something I highly disagree with. By default, all a cracker needs is to get a local uname/password for an admin user and he can then spawn a root shell.
With sudo disabled, the cracker must also have a local exploit that gets past SELinux. Assuming Ubuntu supports SELinux (does it?)
Michael A. Peters wrote:
Christopher Chan wrote:
start/stop' though from Intrepid onwards I believe. There is no root account by default.
There is a root account, you just can't access it w/o setting it's password.
Oh you can. sudo -i. Now go away.
And as soon as you do set it's password, I highly recommend you then completely disable and lock down the very insecure sudo defaults.
And pick up the pieces. You do know that certain services are tightly tied into the way things are currently set up?
The way OS X / ubuntu / etc configure sudo is something I highly disagree with. By default, all a cracker needs is to get a local uname/password for an admin user and he can then spawn a root shell.
Not getting into that argument.
With sudo disabled, the cracker must also have a local exploit that gets past SELinux. Assuming Ubuntu supports SELinux (does it?)
Unfortunately, yes...but not as extensive as RHEL. So not quite a win for Ubuntu yet in helping you guys migrate. Soon I am going to get banned. :-D
Christopher Chan wrote:
Michael A. Peters wrote:
Christopher Chan wrote:
start/stop' though from Intrepid onwards I believe. There is no root account by default.
There is a root account, you just can't access it w/o setting it's password.
Oh you can. sudo -i. Now go away.
Yeah, I meant no *direct* root login. The whole sudo sh etc. giving root shell is why I despise the OS X / ubuntu default configuration.
-=-
I don't have a problem with sudo, I just have a problem with sudo configurations that make it cake to spawn a root shell.
Michael A. Peters wrote:
start/stop' though from Intrepid onwards I believe. There is no root account by default.
There is a root account, you just can't access it w/o setting it's password.
sudo su -
And as soon as you do set it's password, I highly recommend you then completely disable and lock down the very insecure sudo defaults.
The way OS X / ubuntu / etc configure sudo is something I highly disagree with. By default, all a cracker needs is to get a local uname/password for an admin user and he can then spawn a root shell.
Errr, why is it easier to get an admin user's name and password than the root password? The latter is much more likely to be shared, because in typical scenarios it has to be.
With sudo disabled, the cracker must also have a local exploit that gets past SELinux. Assuming Ubuntu supports SELinux (does it?)
No, it comes with AppArmor instead.
Les Mikesell wrote:
Errr, why is it easier to get an admin user's name and password than the root password?
Because typically you only allow root login via console or an existing login.
You can brute force a user password (or sniff if the admin is lazy in how they connect - IE not using proper pass phrase, MITM attacks - possible with the SSH bug that Debian/Ubuntu had) etc. but normally the root account is disabled from remote login so it can't be remotely brute forced or sniffed.
What you normally do is give sudo access to the commands (or wrappers to the commands) that a particular sysadmin might need to use but you don't give them full root access, thereby limiting the damage that can be done should their password be compromised.
Michael A. Peters wrote:
Errr, why is it easier to get an admin user's name and password than the root password?
Because typically you only allow root login via console or an existing login.
I don't see how that relates to the question.
You can brute force a user password (or sniff if the admin is lazy in how they connect - IE not using proper pass phrase, MITM attacks - possible with the SSH bug that Debian/Ubuntu had) etc. but normally the root account is disabled from remote login so it can't be remotely brute forced or sniffed.
Normally? As in a default install?
What you normally do is give sudo access to the commands (or wrappers to the commands) that a particular sysadmin might need to use but you don't give them full root access, thereby limiting the damage that can be done should their password be compromised.
Who is 'them'? And if you haven't shared the root password, what happens when you get hit by a bus?
Les Mikesell wrote:
Michael A. Peters wrote:
Errr, why is it easier to get an admin user's name and password than the root password?
Because typically you only allow root login via console or an existing login.
I don't see how that relates to the question.
It relates because your administrators generally log in from remote locations. For ssh they may be using a pass phrase (assuming their has been a key exchange previously) but not necessarily. Unless all methods of connecting refuse password authentication, there is a possibility of brute force password discovery.
You can brute force a user password (or sniff if the admin is lazy in how they connect - IE not using proper pass phrase, MITM attacks - possible with the SSH bug that Debian/Ubuntu had) etc. but normally the root account is disabled from remote login so it can't be remotely brute forced or sniffed.
Normally? As in a default install?
if you compile openssh from source, root login is disabled. Distro's usually (and I disagree with this) default to allow root login - justification being it's the only way to get in after doing a remote install, but there are better ways to solve that.
But yes - any admin will lock down ssh (and any other services) as soon as the install is finished to forbid root login, any admin that does not needs to get a job selling real estate.
What you normally do is give sudo access to the commands (or wrappers to the commands) that a particular sysadmin might need to use but you don't give them full root access, thereby limiting the damage that can be done should their password be compromised.
Who is 'them'? And if you haven't shared the root password, what happens when you get hit by a bus?
If I get hit by a bus, I don't personally care what happens, but of course there is more than one individual who has the master root password. Most of your junior don't need it and shouldn't have it, you can give them access via sudo to the specific things they need to do (and log sudo to a log machine they don't have access to) that require privilege escalation.
The point is you should never be able to gain a root shell knowing just a username and password for which a remote connection is allowed, and that's exactly what the OS X / Ubuntu default sudo configuration allows.
With sudo disabled, the cracker must also have a local exploit that gets past SELinux. Assuming Ubuntu supports SELinux (does it?)
No, it comes with AppArmor instead.
There are trappings of selinux in Intrepid if not Hardy.
Package: libselinux1
escription: SELinux shared libraries This package provides the shared libraries for Security-enhanced Linux. Security-enhanced Linux is a patch of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement, Role-based Access Control, and Multi-level Security. . libselinux1 provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API.
-
Barry L. Kline -
Bill Campbell -
Brian Mathis -
Chan Chung Hang Christopher -
Christopher Chan
-
Craig White -
Florin Andrei -
Frank Thommen -
griz_quattro -
Jimmy Bradley -
Karanbir Singh -
Lanny Marcus -
Les Mikesell -
Linux Advocate -
Marko A. Jennings -
mbneto -
Michael A. Peters -
Michael Simpson -
Morten Torstensen -
nate -
Neil Aggarwal -
Neil Thompson -
Noob Centos Admin -
Phil Schaffner -
Rainer Duffner -
Ralph Angenendt -
Ray Van Dolson -
Rob Kampen -
Robert Nichols -
RobertH -
Ross Walker -
Scott Silva -
Sorin Srbu -
Spiro Harvey -
Timothy Murphy -
Toby Bluhm -
Tru Huynh -
Ward.P.Fontenot@wellsfargo.com -
William L. Maltby