[CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

Tue Dec 8 20:30:04 UTC 2020
Phil Perry <pperry at elrepo.org>

On 08/12/2020 20:04, Johnny Hughes wrote:
> On 12/8/20 1:50 PM, Phil Perry wrote:
>> On 08/12/2020 19:29, Patrick Riehecky wrote:
>>> On Tue, 2020-12-08 at 19:32 +0100, Leon Fauster via CentOS-devel wrote:
>>>> On 08.12.20 at 18:00, Johnny Hughes wrote:
>>>>> On 12/8/20 8:58 AM, Manuel Wolfshant wrote:
>>>>>> On 12/8/20 4:47 PM, Patrick Riehecky wrote:
>>>>>>> Hello,
>>>>>>> Does
>>>>>>> https://centos.org/distro-faq/#q5-does-this-mean-that-centos-stream-is-the-rhel-beta-test-platform-now
>>>>>>> address your concerns?
>>>>>> When I see "Security issues will be updated in CentOS Stream after they
>>>>>> are solved in the current RHEL release." I can only reply to your question
>>>>>> with "No, it does not"
>>>>> That is NO different than now.  We build CentOS updates after they are
>>>>> released in RHEL and then the source code is pushed to git.centos.org
>>>>> .. we always have.
>>>>> This is no different.  The security updates will be pushed to stream
>>>>> after they have been pushed to RHEL .. just like now.
>>>> If you compare it carefully you find rpms in CentOS Linux that are newer
>>>> than in CentOS Stream - so security updates not landed in C8S.
>>> The security updates are in Stream.  They got into stream /before/ they
>>> landed in CentOS Linux 8.
>> Sorry Pat, I'm not seeing that?
>> Taking just one example, CentOS8 has kernels  4.18.0-240.el8.x86_64.rpm
>> and 4.18.0-240.1.1.el8_3.x86_64.rpm as seen here:
>> http://mirrors.coreix.net/centos/8/BaseOS/x86_64/os/Packages/
>> whereas CentOS Stream still only has kernel 4.18.0-240.el8.x86_64.rpm
>> and not the security update.
>> http://mirrors.coreix.net/centos/8-stream/BaseOS/x86_64/os/Packages/
>> That's just the kernel. In fact I can't see _any_ security updates in
>> stream. Am I missing something?
> Yes, you are.
> There will be all the RHEL engineers rolling all future changes into
> Stream for all RHEL versions.
> Right now stream is 2 people rolling in changes just like CentOS 8 .. it
> takes time.
> In fact, if you look, the 240 kernel was released in stream BEFORE it
> was released in CentOS Linux 8.  And, we have built and will release
> this kernel very soon:
> https://koji.mbox.centos.org/koji/buildinfo?buildID=14937

Thanks Johnny. So kernel-4.18.0-240.1.1.el8_3 will never appear in 
Stream, but a later kernel-4.18.0-257.el8 will, which may or may not be 
kABI compatible depending on the kernel symbols updated within the 
4.18.0-257.el8 release.

My concern here is that elrepo are then no longer able to support 
CentOS. Elrepo can not develop against a constantly moving target 
whereby kernel symbols outside of the somewhat limited whitelist are 
constantly subject to change with each new kernel update.

Just wondering what the CentOS project is able to do to ensure ABI 
stability in the kernel? Are you able to make kernels separately 
available, or maybe continue releasing centosplus kernels to a separate 
repository/channel for those who require ABI stability? Do we need to 
think about starting a kernel SIG now to ensure this need is met in a 
year's time?