[CentOS-devel] CentOS 8.3 Release date

Thu Nov 12 15:53:49 UTC 2020
Johnny Hughes <johnny at centos.org>

On 11/12/20 9:49 AM, Johnny Hughes wrote:
> On 11/12/20 8:14 AM, Pablo Sebastián Greco wrote:
>>
>> On 12/11/20 10:41, Simon Matter wrote:
>>>> On 11/12/20 4:23 AM, Sandro Bonazzola wrote:
>>>>>
>>>>> Il giorno mer 11 nov 2020 alle ore 15:31 Johnny Hughes
>>>>> <johnny at centos.org <mailto:johnny at centos.org>> ha scritto:
>>>>>
>>>>>      On 11/9/20 11:39 PM, Satish Patel wrote:
>>>>>      > Folks,
>>>>>      >
>>>>>      > Redhat has released RHEL 8.3 for the general public last week so
>>>>>      > curious when CentOS 8.3 is coming out for the public?
>>>>>      >
>>>>>
>>>>>      As always .. it will come out when it is done.
>>>>>
>>>>>      We have no idea how long that will take until we finish it .. them
>>>>> we'll
>>>>>      know.
>>>>>
>>>>>
>>>>> Thanks for your hard work on this.
>>>>> Just a question on the technical side: weren't CentOS 8.3 packages
>>>>> already built once for CentOS Stream in the past?
>>>>> It should reduce the amount of packages to be rebuilt right?
>>>> For most of them, yes.  Some are new.  Should be faster than in the
>>>> past.
>>> While we are at it, I was always wondering about reproducible builds.
>>> From
>>> what I understand RHEL is not reproducible, otherwise most packages of
>>> CentOS should be identical with the RedHat packages, right?
>> Right, RHEL is not reproducible, but even if it were, nothing indicates
>> that CentOS builds should be identical for different reasons
>> 1) RHEL sort of accumulates builds and then dumps them for point
>> release, so we have no way to replicate the exact environment in which
>> the build was produced.
>> 2) Debranding, some of our debranding might affect things
>>>
>>> Wouldn't it be a security improvement if RHEL builds were 100%
>>> reproducible? Or do I miss something here?
>> You're not missing anything, it would be a big security improvement, not
>> enough, but still much better.
> 
> It also depends on what you mean reproducible.
> 
> But no .. CentOS has never been the same as RHEL.  There are 2 separate
> closed build systems and always have been.
> 
> The closed CentOS build system gets RELEASED content only.  The close
> Red Hat build system can have many iterations of a package between two
> RELEASED packages that never get pushed.  Those iterative packages are,
> however, used to build things that happen between actual released files.
>  Therefore CentOS Linux content is NOT THE SAME AS RHEL.  If you want
> RHEL .. buy RHEL.
> 
> As far as reproducible .. they COULD be, if you created a special config
> file that was exactly identical to the original build.  We don't do that
> however.   CentOS builds packages that get released today against the
> build system that exists today.  We build what is released next week
> against the build system that exists next week.

Hmm .. missing stuff,

So users need to verify CentOS meets their needs.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20201112/e479a377/attachment-0006.sig>