On 07/08/2020 10:01, Johnny Hughes wrote: > On 8/7/20 3:46 AM, Nicolas Kovacs wrote: >> Le 07/08/2020 à 09:40, Alessandro Baggi a écrit : >>> Probably many users have not updated their machines between the bug release and >>> the resolution (thanks to your fast apply in the weekend, thank you) and many >>> update their centos machines on a 2 months base (if not worst). I think also >>> that many users of CentOS user base have not proclamed their >>> disappointement/the issue on this list or in other channels. For example I >>> simply updated in the wrong time. >> >> I'm using yum-cron to keep all my server updated on a daily basis. >> >> And my question "How could this have passed Q & A" was obviously directed at >> Red Hat... and *not* at Johnny Hughes and the CentOS team who do their best to >> deliver the best possible downstream system. I raise my morning coffee mug to >> your health, guys. >> >> Cheers, >> >> Niki >> > I can assure you .. a BUNCH of testing was done. Because of the scope > of this udpate, the CentOS team was looped in during the embargo stage > (we normally are not .. Red Hat Engineering got permission to make this > happen for this issue). Normally we see things that are open source only > .. not embargoed content. Once the embargo gets lifted, the items > become open source. Kudos to the RH team for making this happen. > > The CentOS team worked with the RHEL team on this update for several > days (more than a week, for sure, maybe 2 weeks) > > I gained MUCH respect for all those guys .. especially Peter Jones. He > is Mr.Secure Boot. > > I personally tested both the c8 and c7 solutions on several machines > (All i have access to actually, including several personal machines that > have secureboot). I saw some of the testing that happened on the RHEL > side. It was extensive. > I'll just add to Johnny's already comprehensive reply. As a member of the CentOS QA team, I personally tested the update on 3 physical machines and all worked fine. Moreover, the QA team was not able to replicate the issue on a single physical machine available to them - the first indication of a problem came from public reports. We give up a huge amount of our personal time and resources to ensure CentOS (and RHEL) are the very best products they can be. I'm unsure what more could have been done. > Microsoft, Debian, Ubuntu and others also had issues with this .. so if > you are losing trust, you are losing it with all OS vendors WRT this issue. > > All I can say is .. this issue was the hardest thing I have been > involved with since starting with the CentOS Project 17 years ago. > > Obviously, everyone involved in this build would have prevented this > from happening if they could have. Secureboot is complicated. > >