[CentOS-devel] re CVE errata in CentOS Stream

Fri Feb 26 07:32:00 UTC 2021
Fabian Arrotin <arrfab at centos.org>

On 25/02/2021 17:49, Nico Kadel-Garcia wrote:
<snip>
> 
> I hope you understand my skepticism that stream will be stable enough
> for anything resembling production work, and the lingering suspicion
> that stream is *deliberately* destabilizing to discourage peopole from
> using CentOS for production work.
> 

Hi Nico,

I resisted for a long time participating in debates/threads on
centos-devel about Stream but conspiracy theories are always getting on
my nerves ...

Everybody is free to believe for himself what he wants (including that
Earth is flat, etc ..) but spreading FUD isn't helping.

I don't want to dive into a "arguments fight" on a mailing-list but let
me just give you some facts, and talking here with my SysAdmin hat on
(for centos.org infra) :

Since the announce I decided to default to CentOS Stream for all new
deployments, including critical one : the new complete infra/environment
dedicated to build the new Stream version (aka '9', as people can guess
it also from Brian's presentation at CentOS Dojo and DevConf.cz) *is*
completely built on top of CentOS Stream.

Various roles were all automatically deployed by Ansible, using previous
roles tested on CentOS 8, without any modification needed for Stream (to
be expected, as it's 8).

All pkgs build through infra8* tags on koji
(https://cbs.centos.org/koji/search?match=glob&type=tag&terms=infra8*)
work without a mod for CentOS Stream

Have I tested all the Ansible roles from centos.org infra against Stream
? not yet, but so far our baseline / monitoring / kojihub / kojiweb /
kojid / kvm-host / kvm-guest / postgresql / httpd / mysql / nfs / iscsi
(target and initiators) /haproxy (and others, let me stop here ...)
roles were all working directly, and that on x86_64, ppc64le and aarch64
architectures ...

Now let's just take two seconds to think about it : *if* Red Hat would
really like on purposes to make Stream unstable for production use,
*why* would we even just deploy our critical build infra , used on the
critical path for RHEL9, on top of Stream ? Just think about it and read
this sentence again ;-)

Am I trying to sell you something ? no, and you're free to pick any
solution that fits *your* needs
Am I claiming that Stream is perfect and will be "bug free" ? no (and
nobody did) :-)

Let me finish with this : life is too short to spend time fighting with
each others.
2020 was hard enough so let's *try* to make 2021 'better' (for things
where we can have influence that is) ..

And let me also quote Smooge's signature here, himself using an
interesting quote :
<quote>
Let us be kind to one another, for most of us are fighting a hard battle
-  -- Ian MacClaren
</quote>

Kind Regards,
-- 
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab