On 6/17/20 12:11 PM, Alessandro Baggi wrote:
> Hi Johnny,
> thank you for your and all centos team works.
>
> Many of us know how much work is needed for building new releases and
> maintaining C6 and C7, plus CentOS Stream and modules (Appstream). This is
> a huge work for a small team. Again thank you.
>
> For me OL is not an alternative.
>
> As reported in my previous message I'm not worried about how much time is
> required to build the new (major/minor) release, it will be ready when it
> will be. My major concern is about the "security update blackout" that take
> long as the build process.
>
> I would ask to you:
>
> 1. Why all security fix are stopped when a new release building process is
> started? There is a way or possibility to run the two process in parallel?

So .. when a point release happens .. say 7.8 to 7.9 (just an example .. could be 6.10 to 6.11 or 8.1 to 8.2, etc)

Those packages are built against EACH other, one at a time. Once we build the new gcc, new kernel, and new glibc (if they are required) .. then all the OTHER updated packages are built against those new libraries .. they therefore need those NEW shared libraries to run. So the new files have to be released as a set, not individually.

>
> 2. When a build process is started and a security fix released there is a
> way for your team to "suspend" the building process, release security
> updates (for 6/7.x or 8.1) and resume the building process? I think that
> many users (included me) will have less disappointment having security
> updates instead of receiving a "signal lost" when building process takes
> its way.

It makes no difference if the update is a bugfix update or a security update. If 500 packages get released at the same time, they have to be built in a specific order in order to match how they were built in RHEL. We have to build them, one at a time, then individually test them to make sure they LINK against the proper new libraries and not older libraries.

Also any UPDATES released to the new version, after RHEL does the point release (so updates FOR 7.9 after the 7.9 release) need to wait until the 7.9 release is done and tested to be built .. as they were built against RHEL 7.9 and not RHEL 7.8

So, you can't just build items out of order at point release time. We have to build the 500 packages, in a specific order. We then have to test the packages, and usually rebuild several of them again for bad links, etc. This is the process that takes time .. testing and getting the proper links to the proper shared libraries.

If we quickly release bad files .. then we have to rebuild them and re-release them with different versions than RHEL has (because they have to replace our previously BAD release). That is not good for anyone.

Hopefully this answers your question.

<snip>
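A small model of the constraint described in the reply above, added here as an example (it is not CentOS build tooling and not code from this thread): given one fixed package, it computes which other point-release builds have to ship with it so that nothing in the tree is left with an unsatisfied shared-library requirement. The package names and capability strings are constructed for illustration and are not real RPM metadata.

```python
# Constructed metadata, not real RPM data: name -> (provides, requires).
OLD = {  # the tree already published (the previous point release)
    "libbase":   ({"libbase.so.1(V1)"}, set()),
    "libtls":    ({"libtls.so.1"}, {"libbase.so.1(V1)"}),
    "fetchtool": (set(), {"libtls.so.1", "libbase.so.1(V1)"}),
    "mailer":    (set(), {"libtls.so.1"}),
    "shell":     (set(), {"libbase.so.1(V1)"}),
}
NEW = {  # point-release builds, each linked against the new libraries
    "libbase":   ({"libbase.so.1(V1)", "libbase.so.1(V2)"}, set()),
    "libtls":    ({"libtls.so.2"}, {"libbase.so.1(V2)"}),
    "fetchtool": (set(), {"libtls.so.2", "libbase.so.1(V2)"}),  # the security fix
    "mailer":    (set(), {"libtls.so.2"}),
}

def release_set(wanted, old=OLD, new=NEW):
    """Return (packages that must ship together, unresolved requirements)."""
    selected = set(wanted)
    while True:
        # The tree a user would have if only `selected` were published.
        tree = {n: (new[n] if n in selected else old[n])
                for n in set(old) | selected}
        provided = set().union(*(p for p, _ in tree.values()))
        add, unresolved = set(), set()
        for name, (_, requires) in tree.items():
            for cap in requires - provided:
                if name in selected:
                    # A new build needs a library only another new build provides.
                    providers = {n for n, (p, _) in new.items() if cap in p}
                    if providers:
                        add |= providers - selected
                    else:
                        unresolved.add((name, cap))
                elif name in new:
                    # An old build lost its library to an upgrade: ship its rebuild.
                    add.add(name)
                else:
                    unresolved.add((name, cap))
        if not add:
            return selected, unresolved
        selected |= add

if __name__ == "__main__":
    pkgs, missing = release_set({"fetchtool"})
    print(sorted(pkgs), sorted(missing))
```

In this model, asking for the single fixed `fetchtool` pulls in the new `libbase` and `libtls` it was linked against, and then the rebuilt `mailer`, because the old `mailer` would otherwise lose the library it needs.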