[CentOS] Blog article about the state of CentOS

Sat Jun 20 07:18:21 UTC 2020
Alessandro Baggi <alessandro.baggi at gmail.com>


On 19/06/20 17:15, Johnny Hughes wrote:
> On 6/17/20 12:11 PM, Alessandro Baggi wrote:
>> Hi Johnny,
>> thank you for your work and that of the whole CentOS team.
>>
>> Many of us know how much work is needed for building new releases and
>> maintaining C6 and C7, plus CentOS Stream and modules (Appstream). This is
>> a huge amount of work for a small team. Again, thank you.
>>
>> For me OL is not an alternative.
>>
>> As reported in my previous message, I'm not worried about how much time is
>> required to build the new (major/minor) release; it will be ready when it
>> is ready. My major concern is about the "security update blackout" that takes
>> as long as the build process.
>>
>> I would ask you:
>>
>> 1. Why are all security fixes stopped when a new release build process is
>> started? Is there a way or possibility to run the two processes in parallel?
> 
> So .. when a point release happens .. say 7.8 to 7.9 (just an example ..
> could be 6.10 to 6.11 or 8.1 to 8.2, etc)
> 
> Those packages are built against EACH other, one at a time.  Once we
> build the new gcc, new kernel, and new glibc (if they are required) ..
> then all the OTHER updated packages are built against those new
> libraries.. they therefore need those NEW shared libraries to run.  So
> the new files have to be released as a set, not individually.
> 
>>
>> 2. When a build process is started and a security fix is released, is there a
>> way for your team to "suspend" the building process, release security
>> updates (for 6/7.x or 8.1) and resume the building process? I think that
>> many users (me included) will have less disappointment having security
>> updates instead of receiving a "signal lost" when the building process takes
>> its way.
> 
> It makes no difference if the update is a bugfix update or a security
> update.  If 500 packages get released at the same time, they have to be
> built in a specific order in order to match how they were built in RHEL.
> 
> We have to build them, one at a time, then individually test them to
> make sure they LINK against the proper new libraries and not older
> libraries.
> 
> Also any UPDATES released to the new version, after RHEL does the point
> release (so updates FOR 7.9 after the 7.9 release) need to wait until
> the 7.9 release is done and tested to be built .. as they were built
> against RHEL 7.9 and not RHEL 7.8
> 
> So, you can't just build items out of order at point release time.
> 
> 
> We have to build the 500 packages, in a specific order. We then have to
> test the packages, and usually rebuild several of them again for bad
> links, etc.
> 
> This is the process that takes time .. testing and getting the proper
> links to the proper shared libraries.
> 
> If we quickly release bad files .. then we have to rebuild them and
> re-release them with different versions than RHEL has (because they have
> to replace our previously BAD release).  That is not good for anyone.
> 
> Hopefully this answers your question.

Hi Johnny,
thank you for your answer. This is more clear to me now.

Alessandro.
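
The constraint described in the quoted reply, as an added example that is not part of the original thread and is not CentOS build tooling: it computes a build order and the set of rebuilt packages that must ship together with one updated package. All package names and library capabilities are constructed placeholders, and the `links` field is an assumed simplification of real package metadata.

```python
from graphlib import TopologicalSorter

# Constructed sample metadata for a hypothetical point release (not real RPM data).
# "provides": shared-library capabilities the rebuilt package ships.
# "links": capabilities it was built against and therefore needs at run time.
NEW_BUILDS = {
    "baselib-2.1":   {"provides": {"libbase.so.2"},  "links": set()},
    "cryptolib-1.5": {"provides": {"libcrypt.so.5"}, "links": {"libbase.so.2"}},
    "webserver-3.0": {"provides": set(),             "links": {"libcrypt.so.5"}},
    "editor-9.0":    {"provides": set(),             "links": {"libbase.so.1"}},
}
# Capabilities already available from the previous point release (constructed).
OLD_PROVIDES = {"libbase.so.1", "libcrypt.so.4"}


def provider_index(builds):
    """Map each capability to the rebuilt package that provides it."""
    return {cap: name for name, meta in builds.items() for cap in meta["provides"]}


def build_order(builds):
    """Order packages so every library is built before anything linked against it."""
    idx = provider_index(builds)
    graph = {name: {idx[c] for c in meta["links"] if c in idx}
             for name, meta in builds.items()}
    return list(TopologicalSorter(graph).static_order())


def release_set(pkg, builds, old_provides):
    """Return every rebuilt package that must be released together with pkg."""
    idx = provider_index(builds)
    needed, stack = set(), [pkg]
    while stack:
        name = stack.pop()
        if name in needed:
            continue
        needed.add(name)
        for cap in builds[name]["links"]:
            if cap in old_provides:
                continue  # already satisfied by the previous point release
            if cap not in idx:
                raise LookupError(f"{name} needs {cap}, which no build provides")
            stack.append(idx[cap])  # pulls in the new library and its own needs
    return needed


if __name__ == "__main__":
    print("build order:", build_order(NEW_BUILDS))
    for pkg in ("webserver-3.0", "editor-9.0"):
        print(pkg, "ships with", sorted(release_set(pkg, NEW_BUILDS, OLD_PROVIDES)))
```

In this constructed data the web server update cannot go out alone because it was linked against the new libraries, while the editor, still linked against a library from the previous release, could.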