[CentOS-devel] re CVE errata in CentOS Stream

Thu Feb 25 20:09:37 UTC 2021
redbaronbrowser <redbaronbrowser at protonmail.com>

On Thursday, February 25, 2021 10:49 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:

> > If instead they already have rebased the package (#2 above .. Stream is
> > slightly ahead of RHEL).
>
> I hope you understand my skepticism that stream will be stable enough
> for anything resembling production work, and the lingering suspicion
> that stream is deliberately destabilizing to discourage peopole from
> using CentOS for production work.

Please read Stef Walter's blog post here:
https://blog.centos.org/2020/12/centos-stream-is-continuous-delivery/

What you seem to be suggesting is RHEL / CentOS would deliberately push out packages regardless of CI/CD results.  I don't believe that is true.

Despite changes to Stream coming slightly ahead of RHEL, we should by nature of our contributions to CI/CD tests to establish the requirements for the package releases into Stream.  Those tests can include cases that characterize our production use.

The question should not be if we can stabilize Stream for production use but rather WHEN.  My best guess is most evaluations for switching to Stream will be taking place 60 to 90 days before CentOS 8 ends.  So, to best encourage adoption of Stream by CentOS 8 users requires having CI/CD testing improved before October.

I sympathize with your skepticism but do not agree with it.  Biggest threat to Stream right now is time.  Claims there is a deliberate attempt to destablize Stream does not fit with the whole point of improved testing.  There is just a lot of work to do and a window of opportunity that is closing fast.