[CentOS-devel] moving the CR repo into mainstream release

Mon Nov 21 23:50:26 UTC 2011
Stephen Walsh <steve at nerdvana.org.au>

  On 11/22/2011 10:43 AM, Tom Sorensen wrote:
> FSVO risk, sure. Except that upstream recommends this all the time
> when troubleshooting customer systesms.
>
> We have several systems deployed at customer sites that are RHEL
> 5.3... with the 5.6 glibc. And this was recommended by 3rd level
> support, not some 1st level person following a script.
>
> Sure, I'd prefer to have 5.6 (or 5.7) on the systems, but they're on
> an isolated network scattered all over the globe physically, so doing
> that isn't very easy. And upstream understands this, as well as the
> desire from some customers to not change from a particular sub-version
> without cause. They may not have explicitly tested various package
> combinations, but the commitment to a stable API/ABI means that mixing
> packages from within the same major version number is safe with a
> small number of exceptions (which are in the tech notes).
>
> IOW, the risk is exceptionally small.

With a nice support contract and an army of willing RH engineers on the 
other end of a phone, yes, the risk is small.

For $Johnny_webhost, who takes his daily income from his business, and 
can't afford the above mentioned support on his rack full of EL boxes 
(which is why he uses centos), he needs to balance the risk of losing 
customers due a security incident vs running a full up to date and 
stable system with a mix of current and upcoming release packages, and 
all with the knowledge in his head and what he can get from the main 
centos list (most of which last time I looked appeared to be a 
conversation about why you should use ubuntu over centos).

The Lowest Common Denominator is the one we need to think about here. 
The end user that wants EL stability and security, but can't afford to 
spend the money on upstream subscriptions.