[CentOS-devel] re CVE errata in CentOS Stream

Sat Feb 27 21:01:17 UTC 2021
redbaronbrowser <redbaronbrowser at protonmail.com>

On Saturday, February 27, 2021 2:15 PM, Mike McGrath <mmcgrath at redhat.com> wrote:

> On Sat, Feb 27, 2021 at 1:30 PM redbaronbrowser via CentOS-devel <centos-devel at centos.org> wrote:
> On the Red Hat side of this equation, I can say our focus has been trying to get people into RHEL proper and getting our new programs created, terms legally vetted, etc.  On the community side of this equation, alternative builds already exist (and I'm aware of at least one other one announced for March I think?) it seems extremely unlikely we'll revisit the RHEL8 lifecycle.
>         -Mike

Sure, Red Hat is working to try to make RHEL attractive to others.

As you point out there is a community clone coming in March.  There is also a non-commmunity build already trying to poach users through twitter announcements.  Neither of those will achieve what Stream is attempting to.

I expect the majority of CentOS 8 users will choose RHEL and to a lesser extent the alternative clones as the C8 end gets close.  I have not problem with that and I expect that to remain to be true regardless of when C8 ends.

But I'm not asking for RHEL8 lifecycle to change, instead I am asking for the CentOS 8 lifecycle to be changed--just a little bit.  Having 10 months remaining of runway for the community involvement to take off is highly aggressive.

The amount of time given for community involvement in CI/CD testing is going to be critical for motivating as large a group as possible to adopt Stream.  For example, let's say staying with the Dec 31st date results in for every 1,000 systems coverted to RHEL there is 10 systems that covert to Stream.  But if giving 3-6 more months runway to Stream to build up means it is 11 systems that go to Stream, that is a 10% boost to Stream.  Even if that 11th system takes away from the RHEL pool, the numbers for RHEL still remain 99.9% the same.  Wouldn't shifting that one system from downstream to Upstream be more vaulable in the long run that going from downstream to midstream?

Look, I understand you have decided I'm non-human and looking to "blow up" Red Hat like some crazy robotic terrorist.  I'm sorry, I get it, don't trust me.

Please instead ask yourself these two questions:

If you could send an email to yourself that goes back in time a year ago, is there anything you would have told yourself to do differently to prepare for the December announcement?

And if yourself from a year in the future could email you today, what do you think he would be telling you?

I am not trying to attack you or anyone else at Red Hat with these questions.  I am interested in what the answers would be but if you don't want to share them with me, I completely understand.

However, is there any chance there are additional things you (or others) could do if allowed more than 10 remaining months on the C8 stopwatch that would benefit Stream and Red Hat more in the long run?