On 12/8/20 2:30 PM, Phil Perry wrote: > On 08/12/2020 20:04, Johnny Hughes wrote: >> On 12/8/20 1:50 PM, Phil Perry wrote: >>> On 08/12/2020 19:29, Patrick Riehecky wrote: >>>> On Tue, 2020-12-08 at 19:32 +0100, Leon Fauster via CentOS-devel wrote: >>>>> Am 08.12.20 um 18:00 schrieb Johnny Hughes: >>>>>> On 12/8/20 8:58 AM, Manuel Wolfshant wrote: >>>>>>> On 12/8/20 4:47 PM, Patrick Riehecky wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> Does >>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__centos.org_distro-2Dfaq_-23q5-2Ddoes-2Dthis-2Dmean-2Dthat-2Dcentos-2Dstream-2Dis-2Dthe-2Drhel-2Dbeta-2Dtest-2Dplatform-2Dnow&d=DwICAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=OAMtP0DWou0nlXG7Kmxo2enjXJfwb1DXS9fwcaESuTE&m=8Lv8HbfA7AuR_Q6CkfjD-A3fVVYhVr4LSB2NvpFMYII&s=aqmZahlJ5iHfl0sF63gxK7YxqgE5wFeXLEDwmMFpGX4&e= >>>>>>>> >>>>>>>> >>>>>>>> address your concerns? >>>>>>> >>>>>>> When I see "Security issues will be updated in CentOS Stream >>>>>>> after they >>>>>>> are solved in the current RHEL release." I can only reply your >>>>>>> question >>>>>>> with "No, it does not" >>>>>> >>>>>> That is NO different that now. We build CentOS updates after they >>>>>> are >>>>>> released in RHEL and then the source code is pushed to >>>>>> git.centos.org >>>>>> .. we always have. >>>>>> >>>>>> This is no different. The security updates will be pushed to >>>>>> stream >>>>>> after they have been pushed to RHEL .. just like now. >>>>> >>>>> If you compare it carefully you find rpms in CentOS Linux that are >>>>> newer >>>>> than in CentOS Stream - so security updates not landed in C8S. >>>> >>>> >>>> The security updates are in Stream. They got into stream /before/ they >>>> landed in CentOS Linux 8. >>> >>> Sorry Pat, I'm not seeing that? >>> >>> Taking just one example, CentOS8 has kernels 4.18.0-240.el8.x86_64.rpm >>> and 4.18.0-240.1.1.el8_3.x86_64.rpm as seen here: >>> >>> http://mirrors.coreix.net/centos/8/BaseOS/x86_64/os/Packages/ >>> >>> whereas CentOS Stream still only has kernel 4.18.0-240.el8.x86_64.rpm >>> and not the security update. >>> >>> http://mirrors.coreix.net/centos/8-stream/BaseOS/x86_64/os/Packages/ >>> >>> That's just the kernel. In fact I can't see _any_ security updates in >>> stream. Am I missing something? >>> >> >> Yes, you are. >> >> There will be a;;the RHEL engineers rolling all future changes into >> Stream for all RHEL versions. >> >> Right now stream is 2 people rolling in changes just like CentOS 8 .. it >> takes time. >> >> In fact, if you look, the 240 kernel was released in stream BEFORE it >> was released in CentOS Linux 8. And, we have built and will release >> this kernel very soon: >> >> https://koji.mbox.centos.org/koji/buildinfo?buildID=14937 >> > > Thanks Johnny. So kernel-4.18.0-240.1.1.el8_3 will never appear in > Stream, but a later kernel-4.18.0-257.el8 will, which may or may not be > kABI compatible depending on the kernel symbols updated within the > 4.18.0-257.el8 release. You are correct > > My concern here is that elrepo are then no longer able to support > CentOS. Elrepo can not develop against a constantly moving target > whereby kernel symbols outside of the somewhat limited whitelist are > constantly subject to change with each new kernel update. > I don't know if that is a priority. But security will be a priority. > Just wondering what the CentOS project is able to do to ensure ABI > stability in the kernel? Are you able to make kernels separately > available, or maybe continue releasing centosplus kernels to a separate > repository/channel for those who require ABI stability? Do we need to > think about starting a kernel SIG now to ensure this need is met in a > year's time? The RHEL developers will be doing kernels, as well as the rest of the Stream builds.