[CentOS] Admins supporting both RHEL and CentOS

Wed Nov 29 11:14:28 UTC 2017
James Hogarth <james.hogarth at gmail.com>

On 28 November 2017 at 16:06, Johnny Hughes <johnny at centos.org> wrote:
> On 11/28/2017 08:20 AM, James Hogarth wrote:
>> On 28 November 2017 at 13:48, Mark Haney <mark.haney at neonova.net> wrote:
>>> On 11/28/2017 08:06 AM, Joseph L. Casale wrote:
>>>> With a few exceptions, I see most admins treat CentOS as a single
>>>> rolling release and rely on the ABI commitment assuming things
>>>> just work between point releases. On the other hand I see the
>>>> opposite with RHEL where admins constrain installations to the
>>>> point release.
>>>> What is the case with users on this list who support both?
>>> I can't really speak for anyone else, but for me, a lot depends on the use
>>> of the systems.  I typically treat RHEL and CentOS the same way as far as
>>> updating to the latest point release.  It's never bit me in the past that I
>>> am aware of.
>>> The only exception to that is with the SGI Altix 4300/4400s I used to
>>> manage.  We migrated from SLES to RHEL and in those cases, barring a serious
>>> enough bug, those boxes were left alone until time came to refresh them,
>>> such as the move from RHEL5 to RHEL6.
>> Note that RHEL is a special case as there's some situations companies
>> will pay out for the Extended Update Support (EUS)[0] in order to stay
>> on a particular milestone for longer.
>> In addition there is the slight bonus of access to beta of the next
>> milestone or major release which may affect your workflow if you have
>> a suitable test environment, and of course you'll get the milestone
>> quicker on release so that needs to be paid attention to for testing.
>> Outside of this area the two can be, and should be, treated
>> identically in terms of update policies.
>> [0] https://access.redhat.com/support/policy/updates/errata
> And also note that Red Hat does not publicly release the SRPMs for their
> EUS packages.  The CentOS Project therefore can not build those, so
> there is NO EUS in CentOS Linux.  The only way to get Security updates
> in CentOS Linux is to be on the current (latest) point release.
> Also, since all updates are built against the current (latest) release
> as they are released, there is no way to get only security updates in
> CentOS Linux.  You could TRY to only install security updates on your
> own .. however, since there are rebases during point releases, things
> that are built against the newer openssl will not work with older ssl's
> OR things build against the newer gnome will not work with older
> gnome's, etc.
> The only tested way to run CentOS Linux is with all the updates
> installed together.

Even Red Hat technically on RHEL doesn't "support" only installing
updates marked security as they always have an assumption all previous
errata are applied.