On 2020-01-10 16:19, Johnny Hughes wrote: > Well sure .. but that is also true for any Linux distribution. It's > not > like Ubuntu or Debian or Linux Mint (or anyone else) let community > members build their distributions. Do you consider Debian developers "community members"? The binary packages for one architecture (mostly amd64) are built, signed and uploaded by each Debian developer on their own machine, with the binaries for the other architectures being built by buildd on Debian infrastructure. It's probably also the reason they are investing so much effort in reproducible builds. That approach is controversial, building everything from source on dedicated machines belonging to the project, like Fedora is doing, would be more secure. I don't think anyone wants your private keys. There are many ways to contribute to a Linux distro, from documentation, helping with sysadmin work, to contribute patches, packaging and developing bigger parts of software. Patches submitted by random users are not unusual for Debian, and the package maintainers are welcoming them and will adapt and integrate them, very fast (maybe Debian has more technical users than say, Ubuntu or Mint). In principle, nothing would stop CentOS users from submitting patches, but it's more difficult to do so. The standard answer to bugs is "we only rebuild RHEL, go submit the bug to their Bugzilla and CentOS will only get the fix when and if they fix it". RH won't even consider bugs for CentOS installations, you have to install RHEL and reproduce it first (that requires significant time and effort and even then, good luck if you're not a major customer). Maybe they would accept submitted patches even if you're not a paying customer, not sure - they would still need to invest time to validate your patch. The entire process is much more closed compared to Debian or Fedora, so it's understandable that CentOS users feel kept at a distance and not really welcome (then again, Debian is a community distro, the interactions with Canonical or Novell might be similar to the ones with RH). I think that explains partially why our community is less involved than the Debian one. > We are never going to allow other people to build things not in our > validated systems and then sign and release it with CentOS Keys as > CentOS Linux. That would be ridiculously stupid :) Indeed.