On 11/12/20 9:49 AM, Johnny Hughes wrote: > On 11/12/20 8:14 AM, Pablo Sebastián Greco wrote: >> >> On 12/11/20 10:41, Simon Matter wrote: >>>> On 11/12/20 4:23 AM, Sandro Bonazzola wrote: >>>>> >>>>> Il giorno mer 11 nov 2020 alle ore 15:31 Johnny Hughes >>>>> <johnny at centos.org <mailto:johnny at centos.org>> ha scritto: >>>>> >>>>> On 11/9/20 11:39 PM, Satish Patel wrote: >>>>> > Folks, >>>>> > >>>>> > Redhat has released RHEL 8.3 for the general public last week so >>>>> > curious when CentOS 8.3 is coming out for the public? >>>>> > >>>>> >>>>> As always .. it will come out when it is done. >>>>> >>>>> We have no idea how long that will take until we finish it .. them >>>>> we'll >>>>> know. >>>>> >>>>> >>>>> Thanks for your hard work on this. >>>>> Just a question on the technical side: weren't CentOS 8.3 packages >>>>> already built once for CentOS Stream in the past? >>>>> It should reduce the amount of packages to be rebuilt right? >>>> For most of them, yes. Some are new. Should be faster than in the >>>> past. >>> While we are at it, I was always wondering about reproducible builds. >>> From >>> what I understand RHEL is not reproducible, otherwise most packages of >>> CentOS should be identical with the RedHat packages, right? >> Right, RHEL is not reproducible, but even if it were, nothing indicates >> that CentOS builds should be identical for different reasons >> 1) RHEL sort of accumulates builds and then dumps them for point >> release, so we have no way to replicate the exact environment in which >> the build was produced. >> 2) Debranding, some of our debranding might affect things >>> >>> Wouldn't it be a security improvement if RHEL builds were 100% >>> reproducible? Or do I miss something here? >> You're not missing anything, it would be a big security improvement, not >> enough, but still much better. > > It also depends on what you mean reproducible. > > But no .. CentOS has never been the same as RHEL. There are 2 separate > closed build systems and always have been. > > The closed CentOS build system gets RELEASED content only. The close > Red Hat build system can have many iterations of a package between two > RELEASED packages that never get pushed. Those iterative packages are, > however, used to build things that happen between actual released files. > Therefore CentOS Linux content is NOT THE SAME AS RHEL. If you want > RHEL .. buy RHEL. > > As far as reproducible .. they COULD be, if you created a special config > file that was exactly identical to the original build. We don't do that > however. CentOS builds packages that get released today against the > build system that exists today. We build what is released next week > against the build system that exists next week. Hmm .. missing stuff, So users need to verify CentOS meets their needs. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20201112/e479a377/attachment-0006.sig>