[CentOS] This doesn't make sense

Fri Sep 23 17:29:51 UTC 2011
Dennis Jacobfeuerborn <dennisml at conversis.de>

On 09/23/2011 06:57 PM, Johnny Hughes wrote:
> On 09/23/2011 09:06 AM, Stefan Held wrote:
>> Am Donnerstag, den 22.09.2011, 07:28 -0500 schrieb Johnny Hughes:
>>
>>> No matter what we try to do ... some kind of rolling updates for people
>>> who do not want to wait ... or whatever the next thing is ... well you
>>> do not seem to be happy.
>>
>> Your "Customers" are not unhappy because they don't like what you do.
>> Your "Customers" are unhappy because they don't know what you do.
>>
>> The Release and QA Process seems recently to have become a mirracle.
>> There is nothing discussed where your Problems are in getting things
>> done.
>>
>> So if nobody knows where you are stuck. (Who are the persons anyway
>> hidden in the secret labs?!) Nobody can step up and help out.
>>
>> Where is this discussion maintained anyway? The Currents process is
>> untransparent. And for a "C"OMMUNITY "E"nterperise "O"perating "S"ystem
>> this fact is not acceptable.
>>
>> We know that the big boys at RH changed the whole system, but the
>> community accepted that you need time for 6.0 to adept to these changes.
>>
>> Since then we all thought the issues would have been solved. So what
>> now? What exactly is holding of the release of 6.1 and where can we as a
>> community step in and help?
>>
>>> If you aren't happy, well then we would recommend "something else" that
>>> does make you happy.
>>
>> Or give us the possibility to help becoming happy again. But doing it
>> like Dumbledore in secret regions of the Centos-Hogwards Terrertory is
>> an bad option as it seems.
>>
>>> Happy is important ... don't go through life unhappy because of an OS.
>>
>> You seem very unhappy at the moment ;)
>>
>>> We just want you to be happy Les.
>>
>> see my above text.
>>
>
> Are we going to start this again ... we are doing the best we can and we
> are building things as we go along to take care of issue when we hit a snag.
>
> There is a whole channel of RPMs that we are not allowed to look at from
> upstream now.  They do not release them on any ISOs and we can't pull
> things directly off RHN (the only way to get the optional channel) and
> use it.  This is just one of many issues we are having right now.
>
> If you can do it better, then do it.
>
> If you can not do it better, great, neither can we ... if we could have
> been done by now, we would have been by now.
>
> You can, as always, pay Red Hat for RHEL if you have servers where
> CentOS does not meet your update requirements.

What you are suggesting here is that people should expect centos systems to 
be insecure and go the RHEL if they want secure systems.
Have you pondered the moral implications of your statement? Does that mean 
that the centos project is perfectly fine with knowingly distributing a 
system that insecure and a danger not only to its users but to others as well?

If as you also seem to suggest the project is so severly understaffed have 
the people in charge considered shutting down the project? This might be 
the more responsible option compared to having a lot of unsecured systems 
out there for long periods of time.

Another issue are the priorities of the project. So apparently you are busy 
working on 6.0/cr and 6.x which is fine. But there is a major but in the 
current apache packages with a known and released fix upstream. Why can 
nobody make a manual build sign it and upload it to vault.centos.org?
The fact that apparently people are busy with other stuff but this 
important update is not considered worthy of anyone's attention is not a 
problem that can be solved by adding more people but only by the current 
people making better decisions. Drop whatever 6.x related things you are 
doing, build the package, put it online, make an announcement and then get 
back to the regular schedule. If there are issues that prevent this then 
make an announcement to that effect so that people at least know that they 
have to take matter in their own hands. Writing such an email would take 5 
minutes and there are not technical hurdles preventing you from doing so. 
This alone would already be a big improvement over the current situation.

Regards,
   Dennis