On 19/06/20 17:15, Johnny Hughes wrote:
> On 6/17/20 12:11 PM, Alessandro Baggi wrote:
>> Hi Johnny,
>> thank you for your work and that of the whole CentOS team.
>>
>> Many of us know how much work is needed for building new releases and
>> maintaining C6 and C7, plus CentOS Stream and modules (Appstream). This is
>> a huge amount of work for a small team. Again, thank you.
>>
>> For me OL is not an alternative.
>>
>> As reported in my previous message, I'm not worried about how much time is
>> required to build the new (major/minor) release; it will be ready when it
>> is ready. My major concern is about the "security update blackout" that takes
>> as long as the build process.
>>
>> I would ask you:
>>
>> 1. Why are all security fixes stopped when a new release building process is
>> started? Is there a way or possibility to run the two processes in parallel?
>
> So .. when a point release happens .. say 7.8 to 7.9 (just an example ..
> could be 6.10 to 6.11 or 8.1 to 8.2, etc)
>
> Those packages are built against EACH other, one at a time. Once we
> build the new gcc, new kernel, and new glibc (if they are required) ..
> then all the OTHER updated packages are built against those new
> libraries .. they therefore need those NEW shared libraries to run. So
> the new files have to be released as a set, not individually.
>
>>
>> 2. When a build process is started and a security fix is released, is there a
>> way for your team to "suspend" the building process, release security
>> updates (for 6/7.x or 8.1) and resume the building process? I think that
>> many users (me included) will be less disappointed having security
>> updates instead of receiving a "signal lost" when the building process takes
>> its way.
>
> It makes no difference if the update is a bugfix update or a security
> update. If 500 packages get released at the same time, they have to be
> built in a specific order in order to match how they were built in RHEL.
>
> We have to build them, one at a time, then individually test them to
> make sure they LINK against the proper new libraries and not older
> libraries.
>
> Also any UPDATES released to the new version, after RHEL does the point
> release (so updates FOR 7.9 after the 7.9 release) need to wait until
> the 7.9 release is done and tested to be built .. as they were built
> against RHEL 7.9 and not RHEL 7.8
>
> So, you can't just build items out of order at point release time.
>
>
> We have to build the 500 packages, in a specific order. We then have to
> test the packages, and usually rebuild several of them again for bad
> links, etc.
>
> This is the process that takes time .. testing and getting the proper
> links to the proper shared libraries.
>
> If we quickly release bad files .. then we have to rebuild them and
> re-release them with different versions than RHEL has (because they have
> to replace our previously BAD release). That is not good for anyone.
>
> Hopefully this answers your question.

Hi Johnny,
thank you for your answer. This is clearer to me now.

Alessandro.