[CentOS-devel] CentOS 8.3 Release date

Thu Nov 12 15:49:39 UTC 2020
Johnny Hughes <johnny at centos.org>

On 11/12/20 8:14 AM, Pablo Sebastián Greco wrote:
> 
> On 12/11/20 10:41, Simon Matter wrote:
>>> On 11/12/20 4:23 AM, Sandro Bonazzola wrote:
>>>>
>>>> Il giorno mer 11 nov 2020 alle ore 15:31 Johnny Hughes
>>>> <johnny at centos.org <mailto:johnny at centos.org>> ha scritto:
>>>>
>>>>      On 11/9/20 11:39 PM, Satish Patel wrote:
>>>>      > Folks,
>>>>      >
>>>>      > Redhat has released RHEL 8.3 for the general public last week so
>>>>      > curious when CentOS 8.3 is coming out for the public?
>>>>      >
>>>>
>>>>      As always .. it will come out when it is done.
>>>>
>>>>      We have no idea how long that will take until we finish it .. them
>>>> we'll
>>>>      know.
>>>>
>>>>
>>>> Thanks for your hard work on this.
>>>> Just a question on the technical side: weren't CentOS 8.3 packages
>>>> already built once for CentOS Stream in the past?
>>>> It should reduce the amount of packages to be rebuilt right?
>>> For most of them, yes.  Some are new.  Should be faster than in the
>>> past.
>> While we are at it, I was always wondering about reproducible builds.
>> From
>> what I understand RHEL is not reproducible, otherwise most packages of
>> CentOS should be identical with the RedHat packages, right?
> Right, RHEL is not reproducible, but even if it were, nothing indicates
> that CentOS builds should be identical for different reasons
> 1) RHEL sort of accumulates builds and then dumps them for point
> release, so we have no way to replicate the exact environment in which
> the build was produced.
> 2) Debranding, some of our debranding might affect things
>>
>> Wouldn't it be a security improvement if RHEL builds were 100%
>> reproducible? Or do I miss something here?
> You're not missing anything, it would be a big security improvement, not
> enough, but still much better.

It also depends on what you mean reproducible.

But no .. CentOS has never been the same as RHEL.  There are 2 separate
closed build systems and always have been.

The closed CentOS build system gets RELEASED content only.  The close
Red Hat build system can have many iterations of a package between two
RELEASED packages that never get pushed.  Those iterative packages are,
however, used to build things that happen between actual released files.
 Therefore CentOS Linux content is NOT THE SAME AS RHEL.  If you want
RHEL .. buy RHEL.

As far as reproducible .. they COULD be, if you created a special config
file that was exactly identical to the original build.  We don't do that
however.   CentOS builds packages that get released today against the
build system that exists today.  We build what is released next week
against the build system that exists next week.



So, if

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20201112/330cd344/attachment-0006.sig>