[CentOS-devel] A Big Idea for a New Decade [was: Minutes for CentOS Board of Directors 2019-12-18 Meeting]

Fri Jan 10 19:04:50 UTC 2020
Laurențiu Păncescu <lpancescu at centosproject.org>

On 2020-01-10 16:19, Johnny Hughes wrote:
> Well sure .. but that is also true for any Linux distribution.  It's 
> not
> like Ubuntu or Debian or Linux Mint (or anyone else) let community
> members build their distributions.

Do you consider Debian developers "community members"?  The binary 
packages for one architecture (mostly amd64) are built, signed and 
uploaded by each Debian developer on their own machine, with the 
binaries for the other architectures being built by buildd on Debian 
infrastructure.  It's probably also the reason they are investing so 
much effort in reproducible builds.  That approach is controversial, 
building everything from source on dedicated machines belonging to the 
project, like Fedora is doing, would be more secure.

I don't think anyone wants your private keys. There are many ways to 
contribute to a Linux distro, from documentation, helping with sysadmin 
work, to contribute patches, packaging and developing bigger parts of 
software.  Patches submitted by random users are not unusual for Debian, 
and the package maintainers are welcoming them and will adapt and 
integrate them, very fast (maybe Debian has more technical users than 
say, Ubuntu or Mint).

In principle, nothing would stop CentOS users from submitting patches, 
but it's more difficult to do so.  The standard answer to bugs is "we 
only rebuild RHEL, go submit the bug to their Bugzilla and CentOS will 
only get the fix when and if they fix it".  RH won't even consider bugs 
for CentOS installations, you have to install RHEL and reproduce it 
first (that requires significant time and effort and even then, good 
luck if you're not a major customer).  Maybe they would accept submitted 
patches even if you're not a paying customer, not sure - they would 
still need to invest time to validate your patch.  The entire process is 
much more closed compared to Debian or Fedora, so it's understandable 
that CentOS users feel kept at a distance and not really welcome (then 
again, Debian is a community distro, the interactions with Canonical or 
Novell might be similar to the ones with RH).  I think that explains 
partially why our community is less involved than the Debian one.

> We are never going to allow other people to build things not in our
> validated systems and then sign and release it with CentOS Keys as
> CentOS Linux.  That would be ridiculously stupid  :)

Indeed.