[CentOS-devel] re CVE errata in CentOS Stream

Sat Feb 27 00:37:23 UTC 2021
Nico Kadel-Garcia <nkadel at gmail.com>

On Thu, Feb 25, 2021 at 2:49 PM Rich Bowen <rbowen at redhat.com> wrote:
> On 2/25/21 11:49 AM, Nico Kadel-Garcia wrote:
> > I hope you understand my skepticism that stream will be stable enough
> > for anything resembling production work, and the lingering suspicion
> > that stream is*deliberately*  destabilizing to discourage peopole from
> > using CentOS for production work.
> The notion that Red Hat would deliberately break something, and then
> tell the whole world "this is what you can expect in the next version of
> RHEL" (which is, in fact, the core of the CentOS Stream messaging) makes
> no sense whatsoever, and would be exactly the same as saying "We plan
> for the next version of RHEL to be garbage."
> I encourage you to read Phil's article -
> https://medium.com/swlh/centos-stream-why-its-awesome-5c45d944fb22 - if
> you have not already done so.

I just read it. It seems.... to echo the party line. His enthusiasm
for simplifying bug reporting and reporting bugs to CentOS Stream,
rather than having to push it through RHEL subscribed ticketing
systems, is not one I'd focused on. .It applauds the great things
about CentOS stream being upstream of RHEL.

All of the desirable CentOS Stream releases are orthogonal to dropping
the point releases based on the RHEL point releases, especially the
distribution media ISO images.

* you can always mirror locally and snapshot the repos and update them
every month or two or whatever works for you.

There's a difficulty of picking when to do these snapshots. They won't
match the RHEL point releases, especially the updates in
/etc/redhat-release, /etc/os-release, and the distribution media with
the full software suites for network free installation. Is there any
evidence that Red Hat is discarding those?