[CentOS] Kernel live patching on CentOS Stream 9

Thu Jan 13 19:10:30 UTC 2022
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On 1/13/22 1:01 PM, Gordon Messmer wrote:
> On 1/13/22 09:32, Valeri Galtsev wrote:
>> In layman's language summary: RedHat Enterprise features (including 
>> "live" kernel patching) are to be expected _only_ in RedHat Enterprise 
>> "binary replica" distributions, which CentOS Stream is not. 
> I don't think that's true, exactly.  As far as I know, rebuild 
> distributions never had the "Enterprise" features*.  Critically, I think 
> that a lot of people mistakenly believed that CentOS *did* have 
> Enterprise features, because it was rebuilt from RHEL code, and that 
> misunderstanding underlies a great deal of the negative response toward 
> CentOS Stream.

Thanks for correcting my layman's representation. It should have better 
said that "binary replica" is "binary compatible" in a sense whatever 
software distributed as binary for RHEL will work the same on "binary 
replica". I guess my views and wordings got skewed by latest changes of 
CentOS paradigms.

> *: "Enterprise" features include but are not limited to:
> 1. Minor releases with independent life cycles / Extended Update Support
> 2. Classification for updates (security, bugfix, enhancement)
> 3. Live patching for kernel security vulnerabilities

We never had it in CentOS in the past, but I'm just curious: is live 
patching proprietary piece of RHEL? I know there are several solutions, 
way back there was paid one called splice, my Boss's son was one of the 
developers of that. Just curious, as, if it is paid, it is stripped off 
as part of CentOS composition, but if it is not paid, open source, then 
it would "just work", or not?

> 4. Support

Oops, as features I meant functionality of CentOS, nothing beyond that.


> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos