Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Kevin Kofler via devel]

Carlos Rodriguez-Fernandez wrote:
> After much discussion, the AlmaLinux OS Foundation board today has
> decided to drop the aim to be 1:1 with RHEL. AlmaLinux OS will instead
> aim to be Application Binary Interface (ABI) compatible*

So this is now a significant difference between AlmaLinux and Rocky Linux, 
which were previously basically two of the same.

Rocky Linux is intent on keeping 1:1 compatibility by obtaining RHEL sources 
through undocumented (by RH), but apparently legal (at least according to 
Rocky), tricks:

https://rockylinux.org/news/keeping-open-source-open/

and has reaffirmed this in their forums in light of the AlmaLinux 
announcement:

https://forums.rockylinux.org/t/has-red-hat-just-killed-rocky-linux/10378/195

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Carlos Rodriguez-Fernandez]

On 7/14/23 00:02, Vitaly Zaitsev via devel wrote:

On 14/07/2023 08:16, Carlos Rodriguez-Fernandez wrote:
After much discussion, the AlmaLinux OS Foundation board today has 
decided to drop the aim to be 1:1 with RHEL. AlmaLinux OS will instead 
aim to be Application Binary Interface (ABI) compatible*


Imagine Red Hat shutting down CentOS Stream in a year or two just 
because they [Alma, etc.] started doing rebuilds. :-D



That would be epic, LOL.


OpenPGP_0x47EBED05C3375B1F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Vitaly Zaitsev via devel]

On 14/07/2023 08:16, Carlos Rodriguez-Fernandez wrote:
After much discussion, the AlmaLinux OS Foundation board today has 
decided to drop the aim to be 1:1 with RHEL. AlmaLinux OS will instead 
aim to be Application Binary Interface (ABI) compatible*


Imagine Red Hat shutting down CentOS Stream in a year or two just 
because they [Alma, etc.] started doing rebuilds. :-D


--
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Carlos Rodriguez-Fernandez]

This is actually good news, especially for the CentOS Stream project.

https://almalinux.org/blog/future-of-almalinux/

Quotes:

After much discussion, the AlmaLinux OS Foundation board today has 
decided to drop the aim to be 1:1 with RHEL. AlmaLinux OS will instead 
aim to be Application Binary Interface (ABI) compatible*


We will also start asking anyone who reports bugs in AlmaLinux OS to 
attempt to test and replicate the problem in CentOS Stream as well, so 
we can focus our energy on correcting it in the right place.


While all of these changes open up a lot of opportunities, we want to be 
clear about the fact that we are still dedicated to being good open 
source citizens. We’ll continue to contribute upstream in Fedora and 
CentOS Stream and to the greater Enterprise Linux ecosystem, just as we 
have been doing since our inception, and we invite our community to do 
the same!





On 7/12/23 15:28, Leslie Satenstein via devel wrote:
SUSE has also jumped in to say they will provide an alternative, but 
compatible Linux to RH.




Leslie Satenstein



On Tuesday, July 11, 2023 at 06:49:38 a.m. GMT-4, Kevin Kofler via devel 
 wrote:



Oracle has (finally – the community projects Rocky and Alma were much
quicker to react) made an announcement about the situation:
https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/ 


         Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org 

To unsubscribe send an email to devel-le...@lists.fedoraproject.org 

Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/ 

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 

List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org 
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue 



___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_0x47EBED05C3375B1F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Leslie Satenstein via devel]

SUSE has also jumped in to say they will provide an alternative, but compatible 
Linux to RH.


Leslie Satenstein
 

On Tuesday, July 11, 2023 at 06:49:38 a.m. GMT-4, Kevin Kofler via devel 
 wrote:  
 
 Oracle has (finally – the community projects Rocky and Alma were much 
quicker to react) made an announcement about the situation:
https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/

        Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
  ___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Tue, Jul 11 2023 at 09:18:57 PM +0200, Leon Fauster via devel 
 wrote:

C8S ends 2024, while RHEL8 ends 2029
C9S ends 2027, while RHEL9 ends 2032


You're forgetting the Extended life cycle support phase. RHEL 8 and 9 
will both have a 13-year lifecycle (down from 14 years). See this table:


https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates

Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Leon Fauster via devel]

Am 11.07.23 um 21:02 schrieb Chris Adams:

Once upon a time, Mattia Verga  said:

Since RHEL is made out from Centos Stream and Centos Stream is made out from 
Fedora ELN, can't Alma and Rocky branch directly from Fedora?
Can we collaborate in some way with those communities so that we support each 
other? I mean, like we have Fedora ELN and EPEL...


Their goal is to replicate, as near as practical, the versions, bug
fixes, patches, etc. in RHEL, so that the usage (and for some people,
running of pre-compiled binaries) is functionally identical to a given
RHEL release.  Since Red Hat has long used the "patch rather than
upgrade" approach for most packages during a release's lifetime, the
only way to get a practically-identical system is to get those same
patches.

In theory, any patch to a package in say RHEL 9.2 should eventually land
in CentOS Stream 9, because RHEL 9.3 should be forked from CentOS Stream
9, but that doesn't always happen in a convenient time frame (plus
sometimes something may be fixed one way in a 9.2 update but differently
in 9.3).  Also, CentOS Stream 9 will stop getting updated much sooner
than RHEL 9.x - when RHEL 9.x transitions to "maintenance mode" (no new
functionality planned, just bug/security fixes), CentOS Stream 9 will
stop altogether.

And Fedora ELN is aimed at CentOS Stream 10, which will eventually be
used to make RHEL 10.0, so is not useful for replicating RHEL 9.x
updates.



An addendum to this:

C8S ends 2024, while RHEL8 ends 2029
C9S ends 2027, while RHEL9 ends 2032

--
Leon
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Chris Adams]

Once upon a time, Mattia Verga  said:
> Since RHEL is made out from Centos Stream and Centos Stream is made out from 
> Fedora ELN, can't Alma and Rocky branch directly from Fedora?
> Can we collaborate in some way with those communities so that we support each 
> other? I mean, like we have Fedora ELN and EPEL...

Their goal is to replicate, as near as practical, the versions, bug
fixes, patches, etc. in RHEL, so that the usage (and for some people,
running of pre-compiled binaries) is functionally identical to a given
RHEL release.  Since Red Hat has long used the "patch rather than
upgrade" approach for most packages during a release's lifetime, the
only way to get a practically-identical system is to get those same
patches.

In theory, any patch to a package in say RHEL 9.2 should eventually land
in CentOS Stream 9, because RHEL 9.3 should be forked from CentOS Stream
9, but that doesn't always happen in a convenient time frame (plus
sometimes something may be fixed one way in a 9.2 update but differently
in 9.3).  Also, CentOS Stream 9 will stop getting updated much sooner
than RHEL 9.x - when RHEL 9.x transitions to "maintenance mode" (no new
functionality planned, just bug/security fixes), CentOS Stream 9 will
stop altogether.

And Fedora ELN is aimed at CentOS Stream 10, which will eventually be
used to make RHEL 10.0, so is not useful for replicating RHEL 9.x
updates.

-- 
Chris Adams 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Andreas Tunek]

Den tis 11 juli 2023 kl 19:12 skrev Mattia Verga via devel <
devel@lists.fedoraproject.org>:

> Since RHEL is made out from Centos Stream and Centos Stream is made out
> from Fedora ELN, can't Alma and Rocky branch directly from Fedora?
>
Can we collaborate in some way with those communities so that we support
> each other? I mean, like we have Fedora ELN and EPEL...
>

Wouldn't it make more sense to branch out from CentOS Stream if they want
to be close to RHEL?

/Andreas


>
>
> Inviato da Proton Mail mobile
>
>
>
>  Messaggio originale 
> Il 11 Lug 2023, 12:49, Kevin Kofler via devel <
> devel@lists.fedoraproject.org> ha scritto:
>
>
> Oracle has (finally – the community projects Rocky and Alma were much
> quicker to react) made an announcement about the situation:
> https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/
> Kevin Kofler ___ devel mailing
> list -- devel@lists.fedoraproject.org To unsubscribe send an email to
> devel-le...@lists.fedoraproject.org Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Mattia Verga via devel]

Since RHEL is made out from Centos Stream and Centos Stream is made out from 
Fedora ELN, can't Alma and Rocky branch directly from Fedora?
Can we collaborate in some way with those communities so that we support each 
other? I mean, like we have Fedora ELN and EPEL...

Inviato da Proton Mail mobile

 Messaggio originale 
Il 11 Lug 2023, 12:49, Kevin Kofler via devel ha scritto:

> Oracle has (finally – the community projects Rocky and Alma were much quicker 
> to react) made an announcement about the situation: 
> https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/
>  Kevin Kofler ___ devel mailing 
> list -- devel@lists.fedoraproject.org To unsubscribe send an email to 
> devel-le...@lists.fedoraproject.org Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List 
> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List 
> Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org 
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael J Gruber]

Kevin Kofler via devel venit, vidit, dixit 2023-07-11 12:49:10:
> Oracle has (finally – the community projects Rocky and Alma were much 
> quicker to react) made an announcement about the situation:
> https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/

Thanks for the pointer.

They really make sure that they come out as "the last standing good
ones" from this. Cleverly written. And they do have valid points.

It's kind of sad when you know where RedHat and Oracle are coming from,
and how predictable that PR twist ist.

Now, if Orcale really makes sure to pick from CentOS Stream as closely
(to RHEL) as possible we can take gusses how long it will take Alma and
Rocky to change upstreams, or become obsolete.

Michael
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Andreas Tunek]

Den tis 11 juli 2023 kl 12:49 skrev Kevin Kofler via devel <
devel@lists.fedoraproject.org>:

> Oracle has (finally – the community projects Rocky and Alma were much
> quicker to react) made an announcement about the situation:
>
> https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/
>
> Kevin Kofler
>

I wonder what they would build Oracle Linux on if RH stop making RHEL?

"Finally, to IBM, here’s a big idea for you. You say that you don’t want to
pay all those RHEL developers? Here’s how you can save money: just pull
from us. Become a downstream distributor of Oracle Linux. We will happily
take on the burden."

/Andreas



> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Tomasz Torcz]

On Tue, Jul 11, 2023 at 12:49:10PM +0200, Kevin Kofler via devel wrote:
> Oracle has (finally – the community projects Rocky and Alma were much 
> quicker to react) made an announcement about the situation:
> https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/

 SUSE too, but it is not so funny as Oracle's
 https://www.suse.com/news/SUSE-Preserves-Choice-in-Enterprise-Linux/

-- 
Tomasz Torcz“Funeral in the morning, IDE hacking
to...@pipebreaker.pl in the afternoon and evening.” - Alan Cox
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Kevin Kofler via devel]

Oracle has (finally – the community projects Rocky and Alma were much 
quicker to react) made an announcement about the situation:
https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Leon Fauster via devel]

Am 03.07.23 um 02:00 schrieb Michael Catanzaro:
On Sun, Jul 2 2023 at 06:27:48 PM -0400, Demi Marie Obenour 
 wrote:

What about stuff that is too urgent to wait on Red Hat QA?  There have
been vulnerabilities (such as CVE-2013-0156 and Log4Shell) for which
unauthenticated, fully automated, remote code execution exploits have
been found very, _very_ quickly.  There may well be times when
attackers can write and use an exploit faster than Red Hat QA can
process an update.  For these vulnerabilities waiting on Red Hat QA
is not an option.


Dire emergencies like these are extremely rare, but when they do occur, 
everybody needs to work together to get updates out to all users ASAP. 
That's true for every distro. Hypothetically speaking, if I were ever 
unfortunate enough to be responsible for an emergency scenario like 
that, I'd still want enough basic QA to at least ensure that the update 
won't eat your disk, but such decisions would surely be handled on a 
case-by-case basis.


In a more normal situation, updates take a few days to prepare. I really 
don't think there's any problem with how CVEs are handled in CentOS 
Stream *except* for the problem I mentioned earlier about maintainers 
forgetting to push package updates to CentOS Stream by mistake. We need 
a better process to ensure human error doesn't result in CentOS Stream 
missing security or non-security updates. (This impacts RHEL too, 
because future minor releases are built from CentOS Stream, and we don't 
want fixes to disappear in future releases.)



There is also demand between major release, some "features" are missing 
in EL9 for instance.


--
Leon
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Sun, Jul 2 2023 at 06:27:48 PM -0400, Demi Marie Obenour 
 wrote:

What about stuff that is too urgent to wait on Red Hat QA?  There have
been vulnerabilities (such as CVE-2013-0156 and Log4Shell) for which
unauthenticated, fully automated, remote code execution exploits have
been found very, _very_ quickly.  There may well be times when
attackers can write and use an exploit faster than Red Hat QA can
process an update.  For these vulnerabilities waiting on Red Hat QA
is not an option.


Dire emergencies like these are extremely rare, but when they do occur, 
everybody needs to work together to get updates out to all users ASAP. 
That's true for every distro. Hypothetically speaking, if I were ever 
unfortunate enough to be responsible for an emergency scenario like 
that, I'd still want enough basic QA to at least ensure that the update 
won't eat your disk, but such decisions would surely be handled on a 
case-by-case basis.


In a more normal situation, updates take a few days to prepare. I 
really don't think there's any problem with how CVEs are handled in 
CentOS Stream *except* for the problem I mentioned earlier about 
maintainers forgetting to push package updates to CentOS Stream by 
mistake. We need a better process to ensure human error doesn't result 
in CentOS Stream missing security or non-security updates. (This 
impacts RHEL too, because future minor releases are built from CentOS 
Stream, and we don't want fixes to disappear in future releases.)


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Demi Marie Obenour]

On 6/24/23 11:05, Michael Catanzaro wrote:
> 
> On Sat, Jun 24 2023 at 08:53:32 AM -0500, Chris Adams 
>  wrote:
>>> Is it?  At one point, there were considerable gaps in security 
>>> updates;
>> RHEL 9.x would get an update while CentOS Stream 9 (as the target for
>> RHEL 9.[x+1]) didn't get a corresponding update for quite a while.  If
>> Stream doesn't get security updates in a timely fashion, it is not at
>> all suitable for production use.
> 
> So here is the reality with security updates. The vast majority of 
> security updates are shipped in RHEL 3-9 months after we fix them, 
> because minimizing the quantity of updates is an important goal in RHEL 
> to reduce update churn for customers, so we only want to release quick 
> fixes for issues that pose serious risk. (Most security issues are just 
> not very urgent.) This means you get most security fixes drastically 
> sooner in CentOS Stream than you would in RHEL. However, 
> higher-severity security updates do get fixed in RHEL first. Developers 
> are not permitted to fix higher-severity security issues in CentOS 
> Stream until after the fix is shipped in at least one RHEL update. 
> We're encouraged to do so immediately after the fix ships in RHEL, so 
> there *should* only be a minor delay of, say, one or two business days 
> for the developer to notice the update has shipped. So in general, 
> CentOS Stream *should* generally be ahead of RHEL and ideally only 
> slightly behind for the more serious CVEs.

What about stuff that is too urgent to wait on Red Hat QA?  There have
been vulnerabilities (such as CVE-2013-0156 and Log4Shell) for which
unauthenticated, fully automated, remote code execution exploits have
been found very, _very_ quickly.  There may well be times when
attackers can write and use an exploit faster than Red Hat QA can
process an update.  For these vulnerabilities waiting on Red Hat QA
is not an option.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Sun, Jul 2 2023 at 09:53:30 PM +, "Smith, Stewart via devel" 
 wrote:
With this development model, what is the thought for those who may 
want to / be able to submit pull requests to CentOS Stream with 
security fixes?


It really depends. CentOS Stream does accept merge requests. With 
respect to security fixes in particular, I would certainly expect Red 
Hat would accept most merge requests that fix security problems. 
However, landing any change requires a relatively high amount of effort 
from a relatively large amount of people compared to Fedora, where 
packagers are in charge and things are much simpler. So whether or not 
your merge request will be accepted into CentOS Stream will be a 
business decision rather than a community decision. Factors that are 
outside your control will be considered (e.g. "how busy is QA team 
right now?") So my suggestion is to talk to the developers you see in 
the package changelog before submitting a merge request. Merge requests 
will often (hopefully even generally) be welcome, but not always. It's 
open source, but it's not a true community project like Fedora.


For WebKitGTK specifically, I'm not interested in patching individual 
CVEs in CentOS Stream: it's generally much easier and safer to just 
always update to the latest upstream release instead.


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Smith, Stewart via devel]

On Jun 24, 2023, at 8:05 AM, Michael Catanzaro  wrote:
> 
> On Sat, Jun 24 2023 at 08:53:32 AM -0500, Chris Adams
>  wrote:
>>> Is it?  At one point, there were considerable gaps in security
>>> updates;
>> RHEL 9.x would get an update while CentOS Stream 9 (as the target for
>> RHEL 9.[x+1]) didn't get a corresponding update for quite a while.  If
>> Stream doesn't get security updates in a timely fashion, it is not at
>> all suitable for production use.
> 
> So here is the reality with security updates. The vast majority of
> security updates are shipped in RHEL 3-9 months after we fix them,
> because minimizing the quantity of updates is an important goal in RHEL
> to reduce update churn for customers, so we only want to release quick
> fixes for issues that pose serious risk. (Most security issues are just
> not very urgent.) This means you get most security fixes drastically
> sooner in CentOS Stream than you would in RHEL. However,
> higher-severity security updates do get fixed in RHEL first. Developers
> are not permitted to fix higher-severity security issues in CentOS
> Stream until after the fix is shipped in at least one RHEL update.
> We're encouraged to do so immediately after the fix ships in RHEL, so
> there *should* only be a minor delay of, say, one or two business days
> for the developer to notice the update has shipped. So in general,
> CentOS Stream *should* generally be ahead of RHEL and ideally only
> slightly behind for the more serious CVEs.

With this development model, what is the thought for those who may want to / be 
able to submit pull requests to CentOS Stream with security fixes?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Smith, Stewart via devel]

> On Jun 22, 2023, at 2:01 AM, Matthew Miller  wrote:
>> 
>>> 
>>> ELN is a build of (some) Fedora packages with EL-specific options, so
>>> it requires Fedora.
>> ELN can exist off an internal non fedora tree. Just depends who is
>> updating the tree.
> 
> Sure, but... that's the _opposite_ of the direction things are going.
> Previously, what happened to make a major RHEL release was:
> 
> 1. Some Fedora Linux Release -> an internal bootstrap
> 2. ...  a year or so of secret work ...
> 3. RHEL Beta
> 4. RHEL Release
> 5. CentOS Linux rebuild
> 6. Internal RHEL build process, internal work on minor release
> 7. RHEL updates appear in publiuc
> 8. CentOS Linux rebuilds of those.
> 
> There's no connection to Fedora beyond the intial fork, and a lot of work
> done inside Red Hat without any transparency.

This was one of our key reasons to look at Fedora as an explicit upstream for 
the next generation of Amazon Linux. Without a feedback loop for contributions 
and changes, it severely limits what you may even want to incorporate, as 
merging this all for the next major release could be a major pain.

Even trivially small things (such as bug fixes) that are beneficial to all (a 
random semi-recent example is making `lshw` not do a DNS lookup) weren’t 
*really* possible to quickly throw a pull request up for before CentOS Streams.

There were other really nice properties of Fedora as well, such as each release 
having a mass-rebuild and thus you can be fairly sure that at any branch point, 
everything is quite likely to all build together.

> Now, CentOS Stream brings that to the surface:
> 
> 1. Fedora Rawhide continually updated
> 2. ELN maintained in parallel, as part of Fedora
> 3. At some point, ELN branched to new CentOS Stream
> 4. ... a year or so of CentOS Stream development in public ...
> 5. RHEL Beta forked from that, released
> 6. Work on RHEL updates visible in CentOS Stream
> 7. Updates appear in CentOS Stream
> 8. Updates released to RHEL
> 
> Note that with CentOS Stream 10 / RHEL 10, step 3 here will _maintain git
> history from Fedora, which is a big improvement in preserving all of the
> incredible, valuable work from Fedora contributors.

Maintaining git history is certainly fantastic from a transparency point of 
view.

Beyond just git trees, we have had a few discussions in the Amazon Linux space 
on what we do with changelogs in the RPMs as well, especially with the 
increasing move to rpm-autospec, which means that git-merge of our own 
trees/rebuilds ends up with the old trick of “Release matches upstream, so it’s 
easy for humans” no longer that useful.

There’s some balance of:
- respect and refer to the amazing work done in the Fedora community
- Don’t give Amazon Linux users the false impression that 
$random_fedora_contributor is who made the change in Amazon Linux that broke 
their $thing - that’s not fun for anybody.
- Be clear as to the changes occurring in an Amazon Linux package update

right now, for AL2023, We have an rpm-autospec-like thing at build time that 
will merge an `amzn-changelog` file that’s present in the git repo with the 
‘%changelog’ in the SPEC file on SRPM build. The aim here is to be able to add 
changelog entries that are amzn specific easily, while not creating merge 
conflicts all the time

It’d be great if we ended up with CentOS Stream and Amazon Linux doing the same 
thing, if only for consistency and being able to set some good expectation / 
good practice for distros downstream from Fedora.

Maybe it’s a question for Fedora developers: how do you *want* downstream 
distributions to behave in this area?

There’s guidelines for https://fedoraproject.org/wiki/Remix and 
https://fedoraproject.org/wiki/Spins_SIG along with 
https://fedoraproject.org/wiki/Releases/FeatureGenericLogos making some parts 
of downstream distros easier to do.

> All of this is the exact opposite of Red Hat preparing to make some new base
> for RHEL. Additionally, this model provides a clean path for
> Red-Hat-opinionated decisions to differ from those we make from Fedora. Take
> BTRFS as an example. Or, the increase in CPU baseline. Like this:

This reminds me of the item on my TODO list of to start a discussion around how 
we can better have distro and package level option switches that both Fedora 
and downstream distros can flip on and off over time. I’ll go do that now...


> Fedora Linux: Community Space
> -
> 
> * Community engineering decisions
> * No special code privileges due to your employer
> * Community-run infrastructure with RH investment, significant resources
>  from Amazon, contributions from other companies
> * Community quality engineering with RH investment
> * Community support
> * No cost
> 
> 
> CentOS Stream: Shared Space
> ---
> 
> * Red Hat Engineering decisions with community input
> * Pull requests from the community, approval from Red Hat engineers
> * Red Hat-provided and maintained 

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Kevin Kofler via devel]

Neal Gompa wrote:
> I will also point out that CentOS Stream is perfectly suitable for
> production use, and I would argue it provides a differentiated
> experience in its own right: because CentOS Stream does not go through
> certification work that locks on specific package versions, any and
> all fixes done by Red Hat or community members are released
> immediately after running through the gates and passing the tests at
> the gates. That shortens the average TTL for non-critical/non-security
> improvements from 6 months to a couple of weeks.

Well, another aspect that I think was not mentioned so far in this 
discussion is that CentOS Stream has only half the support time of RHEL, 
which makes it much less useful for production servers (and less 
advantageous over competitors' offerings such as Ubuntu LTS, which offer a 
similar support period as CentOS Stream).

This also means that if RH is telling rebuilds to do their own backports 
from CentOS Stream, that is only going to help them in the first half of the 
lifecycle. In the second half, there are no point releases, hence also no 
CentOS Stream that would prepare those. So, as I understand it, the security 
fixes are then only going to be published through the subscription channels.

> Offhand, I know CentOS Stream 9 is available as an option in the
> following VPS providers:
> 
> * DigitalOcean
> * Linode
> * Vultr
> * Hetzner
> * Afterburst

At least Hetzner also offers Rocky Linux and (recently added due to customer 
demand) AlmaLinux. If their customers were happy with CentOS Stream, they 
would not do that. (For the record, I happen to be one of those customers, 
for a small VPS (currently still running CentOS 7) and 2 domain names. That 
is the only involvement I have with Hetzner.)

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Clemens Lang]

Hi Leon,

> On 24. Jun 2023, at 19:44, Leon Fauster via devel 
>  wrote:
> 
>> I will also point out that CentOS Stream is perfectly suitable for
>> production use, and I would argue it provides a differentiated
> 
> Nope, its not perfect for production use. Just an example of _many_:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=2184640

Apologies for this particular one. We thought we had everything covered in this 
area, but we messed up and our tests didn’t catch this before it exploded into 
our faces. Rest assured it wasn’t because we were trying to use the community 
as guinea pigs; we ourselves were surprised by the fallout, and have been 
working internally with the maintainers of our signing keys to get this 
resolved. That work is still ongoing, but we will probably delay disabling 
SHA-1 in PGP use until CentOS Stream 10/RHEL 10.


-- 
Clemens Lang
RHEL Crypto Team
Red Hat


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Gordon Messmer]

On 2023-06-25 14:29, Dominik 'Rathann' Mierzejewski wrote:

The FOSS licenses give you the right to share the SRPMS, sans the Red
Hat trademarks.



The GPL, specifically, might guarantee that right, but not all of the 
distribution is under the terms of the GPL.  I don't have a license 
count for RHEL components, but Fedora looks like it's made up of about 
30% GPL components, with the majority being MIT, BSD, or Apache license, 
none of which prohibit Red Hat from imposing restrictions on their 
redistribution.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Dominik 'Rathann' Mierzejewski]

On Sunday, 25 June 2023 at 02:44, Kevin Kofler via devel wrote:
> Neal Gompa wrote:
> 
> > On Fri, Jun 23, 2023 at 6:09 PM Kevin Kofler via devel wrote:
> >>
> >> Josh Boyer wrote:
> >> > Agree with Matthew fully here.  We've been working rather hard
> >> > internally to adjust the development process for RHEL to be more
> >> > collaborative and open than it ever has before.
> >>
> >> The *development process* is more open, but the production
> >> releases, which is the only thing end users are interested in, are
> >> less open!
> > 
> > Actually, this is not true either. Since December 2020, Red Hat
> > Enterprise Linux has added a number of avenues in which you can
> > freely get it:
> > 
> > 1. Individuals (16 entitlements, prod use permitted):
> > https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux
> > 
> > 2. Teams (mucho entitlements for companies, no prod):
> > https://developers.redhat.com/articles/2022/05/10/access-rhel-developer-teams-subscription
> > 
> > 3. OSS projects running their own infra (mucho entitlements, prod
> > use permitted):
> > https://www.redhat.com/en/blog/extending-no-cost-red-hat-enterprise-linux-open-source-organizations
> 
> That is not "open", it is just free as in beer, for a restricted
> subset of people. If you are not (explicitly! Not just "try and hope
> we do not terminate your subscription at our whim") entitled to share
> the SRPMs, it is NOT open.

The FOSS licenses give you the right to share the SRPMS, sans the Red
Hat trademarks. Red Hat's terms of use for their subscriptions state
explicitly (in several places), that:
[...] This Agreement establishes the rights and obligations associated
with Red Hat Products and is not intended to limit your rights to
software code under the terms of an open source license. [...]

So, unless you have some specific and verifiable examples, please stop
spreading FUD.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPM Fusion  http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Kevin Kofler via devel]

Neal Gompa wrote:

> On Fri, Jun 23, 2023 at 6:09 PM Kevin Kofler via devel wrote:
>>
>> Josh Boyer wrote:
>> > Agree with Matthew fully here.  We've been working rather hard
>> > internally to adjust the development process for RHEL to be more
>> > collaborative and open than it ever has before.
>>
>> The *development process* is more open, but the production releases,
>> which is the only thing end users are interested in, are less open!
>>
> 
> Actually, this is not true either. Since December 2020, Red Hat
> Enterprise Linux has added a number of avenues in which you can freely
> get it:
> 
> 1. Individuals (16 entitlements, prod use permitted):
> https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux
> 
> 2. Teams (mucho entitlements for companies, no prod):
> https://developers.redhat.com/articles/2022/05/10/access-rhel-developer-teams-subscription
> 
> 3. OSS projects running their own infra (mucho entitlements, prod use
> permitted):
> https://www.redhat.com/en/blog/extending-no-cost-red-hat-enterprise-linux-open-source-organizations

That is not "open", it is just free as in beer, for a restricted subset of 
people. If you are not (explicitly! Not just "try and hope we do not 
terminate your subscription at our whim") entitled to share the SRPMs, it is 
NOT open.

> I will also point out that CentOS Stream is perfectly suitable for
> production use

If it were, Red Hat would offer it as a supported alternative to their 
commercial subscription users. They do not, obviously for a reason. A beta 
branch is not a production release.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Gordon Messmer]

On 2023-06-24 06:53, Chris Adams wrote:

Once upon a time, Neal Gompa  said:

I will also point out that CentOS Stream is perfectly suitable for
production use

Is it?  At one point, there were considerable gaps in security updates;



CentOS delayed security updates for 6-8 weeks, twice a year, every year 
of its entire existence, and people are still clamoring for it.


Stream's delays seem trivial in comparison.  I'm not saying that delays 
are acceptable, just that this *apparently* isn't a major barrier for 
self-supported use cases.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Leon Fauster via devel]

I do have packages on a RHEL9 system that do not appear in 
https://kojihub.stream.centos.org/koji/ - so the fix is unknown from an 
external view
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Chris Adams]

Once upon a time, Aleksandra Fedorova  said:
> In this case you don't need a repo, you need just this specific build to
> apply it on your environment, isn't it?

If I only had one system to worry about, maybe (although maybe not, if
the build introduces a new dependency for example).  But if I want to
install it on a group of systems, managed with Ansible for example, no,
that's not really enough (unless I have my own repo infrastructure).

-- 
Chris Adams 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Leon Fauster via devel]

> I will also point out that CentOS Stream is perfectly suitable for
> production use, and I would argue it provides a differentiated

Nope, its not perfect for production use. Just an example of _many_:

https://bugzilla.redhat.com/show_bug.cgi?id=2184640

Despite the fact that some critical fixes only land into the compose many weeks 
later, if at all. 
Some are only in RHEL while CentOS Stream have a rebased version without the 
fix. Nope, its not perfect 
for prod use. Emphasizing perfect here. Everything else is corporate speak. Its 
just perfect to make
contributions, and this is the main intention of "CentOS Stream".
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Aleksandra Fedorova]

On Sat, Jun 24, 2023 at 6:36 PM Chris Adams  wrote:

> Once upon a time, Aleksandra Fedorova  said:
> > When you build a package in CentOS Koji it gets into c9s-gate tag [1].
> > These packages are publicly available and if you'd like to use or test
> them
> > before their RHEL part passed the internal RHEL QE, you can do that.
> >
> > https://kojihub.stream.centos.org/koji/taginfo?tagID=2
>
> That's not available as a repo though AFAIK.
>

Afaiu the use case we are discussing looks like:
there is a CVE fix which you want to land in CentOS Stream as fast as
possible. And that specific fix may be delayed because RHEL QE takes time
and has to deal with their own priorities.

So the fix is known, there is BZ for it and the merge request for it is
also known and merged. The package is built, it is available in koji, but
it sits in -gate tag and is not promoted to the -pending( which means
compose, buildroot and mirrors) because it waits on RHEL QE.

In this case you don't need a repo, you need just this specific build to
apply it on your environment, isn't it?


It is not that creation of repositories is not possible. I just think that
having a repo with all of the content of -gate tag wouldn't help here.
Especially since -gate tag contains also builds which failed the gating
tests and therefore are not expected to be promoted ever.


> --
> Chris Adams 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Aleksandra Fedorova
bookwar
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Chris Adams]

Once upon a time, Aleksandra Fedorova  said:
> When you build a package in CentOS Koji it gets into c9s-gate tag [1].
> These packages are publicly available and if you'd like to use or test them
> before their RHEL part passed the internal RHEL QE, you can do that.
> 
> https://kojihub.stream.centos.org/koji/taginfo?tagID=2

That's not available as a repo though AFAIK.
-- 
Chris Adams 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Aleksandra Fedorova]

Hi,

On Sat, Jun 24, 2023 at 6:09 PM Michael Catanzaro 
wrote:

>
>
> On Sat, Jun 24 2023 at 10:24:58 AM -0500, Chris Adams
>  wrote:
> > Is there any chance of having a CentOS Stream repo along the lines of
> > Fedora's updates-testing, so that CVEs at least would have some type
> > of
> > available update in a timely manner?  With 7 there's the fasttrack
> > repo,
> > but it doesn't actually seem to be used currently (and IIRC wasn't
> > ever
> > a "testing" type channel).
>
> A new -testing repo might make sense indeed. I believe currently
> updates are held until after Red Hat QA has tested them, which
> introduces significant delay (although not any delay relative to RHEL
> updates). I don't know what the chances of this happening are, though.
> It works really well for Fedora though, where community members
> regularly catch bugs that would otherwise have reached stable users, so
> it's certainly something to consider.
>

I think we should move this conversation to centos-devel mailing list.

But also there is no point in -testing repo for CentOS Stream.

When you build a package in CentOS Koji it gets into c9s-gate tag [1].
These packages are publicly available and if you'd like to use or test them
before their RHEL part passed the internal RHEL QE, you can do that.

https://kojihub.stream.centos.org/koji/taginfo?tagID=2



> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
-- 
Aleksandra Fedorova
bookwar
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Sat, Jun 24 2023 at 10:24:58 AM -0500, Chris Adams 
 wrote:

Is there any chance of having a CentOS Stream repo along the lines of
Fedora's updates-testing, so that CVEs at least would have some type 
of
available update in a timely manner?  With 7 there's the fasttrack 
repo,
but it doesn't actually seem to be used currently (and IIRC wasn't 
ever

a "testing" type channel).


A new -testing repo might make sense indeed. I believe currently 
updates are held until after Red Hat QA has tested them, which 
introduces significant delay (although not any delay relative to RHEL 
updates). I don't know what the chances of this happening are, though. 
It works really well for Fedora though, where community members 
regularly catch bugs that would otherwise have reached stable users, so 
it's certainly something to consider.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Sat, Jun 24 2023 at 03:26:46 PM +, Gary Buhrmaster 
 wrote:

If one does find a security update that did not get
streamed, is there a way for a non-customer[0] to
open an appropriate ticket both now, and in the
future when RH moves their internal bug tracker
to jira[1]?


Yes, you do not have to be a customer to use Bugzilla/Jira to report 
bugs.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Gary Buhrmaster]

On Sat, Jun 24, 2023 at 3:05 PM Michael Catanzaro  wrote:

> But in practice, we actually currently have a lot of desynced packages
> where RHEL is ahead of CentOS Stream for various reasons. I believe
> most such cases are mistakes that need to be corrected, not intentional
> delays. E.g. if a particular developer just forgets to fix the CVE in
> CentOS Stream, currently nobody is checking to catch that and complain
> and get things fixed. Red Hat needs to catch and fix these issues
> proactively, but is not currently doing so. Since only Red Hat is able
> to commit to CentOS Stream, the community is limited to tracking
> desyncs and complaining when it happens. (That would be really valuable
> to do IMO.)

Most of the time, as you say, things work well (at
least in my experience).

If one does find a security update that did not get
streamed, is there a way for a non-customer[0] to
open an appropriate ticket both now, and in the
future when RH moves their internal bug tracker
to jira[1]?


[0] There are those that have used the clones
and streams for some time without having to
sign up with RH.

[1] It is not clear to me if one will need a formal
support contract in order to open tickets into
the future jira instances.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Chris Adams]

Once upon a time, Michael Catanzaro  said:
> So here is the reality with security updates. The vast majority of
> security updates are shipped in RHEL 3-9 months after we fix them,
> because minimizing the quantity of updates is an important goal in
> RHEL to reduce update churn for customers, so we only want to
> release quick fixes for issues that pose serious risk. (Most
> security issues are just not very urgent.) This means you get most
> security fixes drastically sooner in CentOS Stream than you would in
> RHEL. However, higher-severity security updates do get fixed in RHEL
> first. Developers are not permitted to fix higher-severity security
> issues in CentOS Stream until after the fix is shipped in at least
> one RHEL update. We're encouraged to do so immediately after the fix
> ships in RHEL, so there *should* only be a minor delay of, say, one
> or two business days for the developer to notice the update has
> shipped. So in general, CentOS Stream *should* generally be ahead of
> RHEL and ideally only slightly behind for the more serious CVEs.
> 
> But in practice, we actually currently have a lot of desynced
> packages where RHEL is ahead of CentOS Stream for various reasons. I
> believe most such cases are mistakes that need to be corrected, not
> intentional delays. E.g. if a particular developer just forgets to
> fix the CVE in CentOS Stream, currently nobody is checking to catch
> that and complain and get things fixed. Red Hat needs to catch and
> fix these issues proactively, but is not currently doing so. Since
> only Red Hat is able to commit to CentOS Stream, the community is
> limited to tracking desyncs and complaining when it happens. (That
> would be really valuable to do IMO.)

Seems like some tooling/notifications might could help with that,
although that type of work is rarely interesting enough to get resource
assignment in the business world (and since all of this is done behind
Red Hat's curtain, there's AFAIK no path for community involvement).  I
guess a non-Hatter could use a dev subscription to compare RHEL content
to CentOS Stream content and note differences (and file BZes I guess?).

Is there any chance of having a CentOS Stream repo along the lines of
Fedora's updates-testing, so that CVEs at least would have some type of
available update in a timely manner?  With 7 there's the fasttrack repo,
but it doesn't actually seem to be used currently (and IIRC wasn't ever
a "testing" type channel).

-- 
Chris Adams 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Michael Catanzaro]

On Sat, Jun 24 2023 at 08:53:32 AM -0500, Chris Adams 
 wrote:
Is it?  At one point, there were considerable gaps in security 
updates;

RHEL 9.x would get an update while CentOS Stream 9 (as the target for
RHEL 9.[x+1]) didn't get a corresponding update for quite a while.  If
Stream doesn't get security updates in a timely fashion, it is not at
all suitable for production use.


So here is the reality with security updates. The vast majority of 
security updates are shipped in RHEL 3-9 months after we fix them, 
because minimizing the quantity of updates is an important goal in RHEL 
to reduce update churn for customers, so we only want to release quick 
fixes for issues that pose serious risk. (Most security issues are just 
not very urgent.) This means you get most security fixes drastically 
sooner in CentOS Stream than you would in RHEL. However, 
higher-severity security updates do get fixed in RHEL first. Developers 
are not permitted to fix higher-severity security issues in CentOS 
Stream until after the fix is shipped in at least one RHEL update. 
We're encouraged to do so immediately after the fix ships in RHEL, so 
there *should* only be a minor delay of, say, one or two business days 
for the developer to notice the update has shipped. So in general, 
CentOS Stream *should* generally be ahead of RHEL and ideally only 
slightly behind for the more serious CVEs.


But in practice, we actually currently have a lot of desynced packages 
where RHEL is ahead of CentOS Stream for various reasons. I believe 
most such cases are mistakes that need to be corrected, not intentional 
delays. E.g. if a particular developer just forgets to fix the CVE in 
CentOS Stream, currently nobody is checking to catch that and complain 
and get things fixed. Red Hat needs to catch and fix these issues 
proactively, but is not currently doing so. Since only Red Hat is able 
to commit to CentOS Stream, the community is limited to tracking 
desyncs and complaining when it happens. (That would be really valuable 
to do IMO.)


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Chris Adams]

Once upon a time, Neal Gompa  said:
> I will also point out that CentOS Stream is perfectly suitable for
> production use

Is it?  At one point, there were considerable gaps in security updates;
RHEL 9.x would get an update while CentOS Stream 9 (as the target for
RHEL 9.[x+1]) didn't get a corresponding update for quite a while.  If
Stream doesn't get security updates in a timely fashion, it is not at
all suitable for production use.

-- 
Chris Adams 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Neal Gompa]

On Fri, Jun 23, 2023 at 6:09 PM Kevin Kofler via devel
 wrote:
>
> Josh Boyer wrote:
> > Agree with Matthew fully here.  We've been working rather hard
> > internally to adjust the development process for RHEL to be more
> > collaborative and open than it ever has before.
>
> The *development process* is more open, but the production releases, which
> is the only thing end users are interested in, are less open!
>

Actually, this is not true either. Since December 2020, Red Hat
Enterprise Linux has added a number of avenues in which you can freely
get it:

1. Individuals (16 entitlements, prod use permitted):
https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux

2. Teams (mucho entitlements for companies, no prod):
https://developers.redhat.com/articles/2022/05/10/access-rhel-developer-teams-subscription

3. OSS projects running their own infra (mucho entitlements, prod use
permitted): 
https://www.redhat.com/en/blog/extending-no-cost-red-hat-enterprise-linux-open-source-organizations

Is it everything that people need? No. Could they do more here?
Absolutely. But their willingness to even do this should be applauded.

I will also point out that CentOS Stream is perfectly suitable for
production use, and I would argue it provides a differentiated
experience in its own right: because CentOS Stream does not go through
certification work that locks on specific package versions, any and
all fixes done by Red Hat or community members are released
immediately after running through the gates and passing the tests at
the gates. That shortens the average TTL for non-critical/non-security
improvements from 6 months to a couple of weeks.

Offhand, I know CentOS Stream 9 is available as an option in the
following VPS providers:

* DigitalOcean
* Linode
* Vultr
* Hetzner
* Afterburst

There are a lot of providers out there, and it's quite likely that
even more ones that offer it. These are just the ones I've used or are
aware of.


-- 
真実はいつも一つ！/ Always, there's only one truth!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Kevin Kofler via devel]

Josh Boyer wrote:
> Agree with Matthew fully here.  We've been working rather hard
> internally to adjust the development process for RHEL to be more
> collaborative and open than it ever has before.

The *development process* is more open, but the production releases, which 
is the only thing end users are interested in, are less open!

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Jonathan Steffan]

Matthew,

Thanks for sending this out. There is a lot of FUD right now and this plan
is what I had hoped was going on. The FPO/RH/IBM should do some additional
community engagement to clear this up. A very clear diagram of the
development/packaging flow would go a long way and give the community a
simple artifact to share in place of all of the FUD.

I was worried after reading some of the misinformation/misunderstanding. I
was getting concerned we'd have to start up FUDCons again and fork the
project. Thankfully, that does not at all seem to be the case.

Cheers,


On Fri, Jun 23, 2023 at 12:47 AM Simon de Vlieger  wrote:

> On Thu, Jun 22, 2023, at 11:01 AM, Matthew Miller wrote:
>
> > 1. Fedora Rawhide continually updated
> > 2. ELN maintained in parallel, as part of Fedora
> > 3. At some point, ELN branched to new CentOS Stream
> > 4. ... a year or so of CentOS Stream development in public ...
> > 5. RHEL Beta forked from that, released
> > 6. Work on RHEL updates visible in CentOS Stream
> > 7. Updates appear in CentOS Stream
> > 8. Updates released to RHEL
> >
> > Note that with CentOS Stream 10 / RHEL 10, step 3 here will _maintain git
> > history from Fedora, which is a big improvement in preserving all of the
> > incredible, valuable work from Fedora contributors.
> >
> > All of this is the exact opposite of Red Hat preparing to make some new
> base
> > for RHEL. Additionally, this model provides a clean path for
> > Red-Hat-opinionated decisions to differ from those we make from Fedora.
> Take
> > BTRFS as an example. Or, the increase in CPU baseline. Like this:
>
> Matthew, this is a great summary and also the understanding I currently
> have. It might be a good thing if this information lives in a more
> permanent place that I can refer people to. Perhaps something on Fedora's
> documentation about the Enterprise Linux ecosystem or a blogpost on either
> the Fedora or RedHat blogs?
>
> Regards,
>
> Simon
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Jonathan Steffan
jonathanstef...@gmail.com
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Simon de Vlieger]

On Thu, Jun 22, 2023, at 11:01 AM, Matthew Miller wrote:

> 1. Fedora Rawhide continually updated
> 2. ELN maintained in parallel, as part of Fedora
> 3. At some point, ELN branched to new CentOS Stream
> 4. ... a year or so of CentOS Stream development in public ...
> 5. RHEL Beta forked from that, released
> 6. Work on RHEL updates visible in CentOS Stream
> 7. Updates appear in CentOS Stream
> 8. Updates released to RHEL
>
> Note that with CentOS Stream 10 / RHEL 10, step 3 here will _maintain git
> history from Fedora, which is a big improvement in preserving all of the
> incredible, valuable work from Fedora contributors.
>
> All of this is the exact opposite of Red Hat preparing to make some new base
> for RHEL. Additionally, this model provides a clean path for
> Red-Hat-opinionated decisions to differ from those we make from Fedora. Take
> BTRFS as an example. Or, the increase in CPU baseline. Like this:

Matthew, this is a great summary and also the understanding I currently have. 
It might be a good thing if this information lives in a more permanent place 
that I can refer people to. Perhaps something on Fedora's documentation about 
the Enterprise Linux ecosystem or a blogpost on either the Fedora or RedHat 
blogs?

Regards,

Simon
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Ian Laurie via devel]

On 6/22/23 19:01, Matthew Miller wrote:

Sure, but... that's the _opposite_ of the direction things are going.


Awesome post.

--
Ian Laurie
FAS: nixuser | IRC: nixuser
TZ: Australia/Sydney
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Josh Boyer]

On Thu, Jun 22, 2023 at 5:02 AM Matthew Miller  wrote:
>
> >> ELN is a build of (some) Fedora packages with EL-specific options, so
> >> it requires Fedora.
> > ELN can exist off an internal non fedora tree. Just depends who is
> > updating the tree.
>
> Sure, but... that's the _opposite_ of the direction things are going.
> Previously, what happened to make a major RHEL release was:
>
> 1. Some Fedora Linux Release -> an internal bootstrap
> 2. ...  a year or so of secret work ...
> 3. RHEL Beta
> 4. RHEL Release
> 5. CentOS Linux rebuild
> 6. Internal RHEL build process, internal work on minor release
> 7. RHEL updates appear in publiuc
> 8. CentOS Linux rebuilds of those.
>
> There's no connection to Fedora beyond the intial fork, and a lot of work
> done inside Red Hat without any transparency.
>
>
> Now, CentOS Stream brings that to the surface:
>
> 1. Fedora Rawhide continually updated
> 2. ELN maintained in parallel, as part of Fedora
> 3. At some point, ELN branched to new CentOS Stream
> 4. ... a year or so of CentOS Stream development in public ...
> 5. RHEL Beta forked from that, released
> 6. Work on RHEL updates visible in CentOS Stream
> 7. Updates appear in CentOS Stream
> 8. Updates released to RHEL
>
> Note that with CentOS Stream 10 / RHEL 10, step 3 here will _maintain git
> history from Fedora, which is a big improvement in preserving all of the
> incredible, valuable work from Fedora contributors.
>
> All of this is the exact opposite of Red Hat preparing to make some new base
> for RHEL. Additionally, this model provides a clean path for
> Red-Hat-opinionated decisions to differ from those we make from Fedora. Take
> BTRFS as an example. Or, the increase in CPU baseline. Like this:
>
>
> Fedora Linux: Community Space
> -
>
> * Community engineering decisions
> * No special code privileges due to your employer
> * Community-run infrastructure with RH investment, significant resources
>   from Amazon, contributions from other companies
> * Community quality engineering with RH investment
> * Community support
> * No cost
>
>
> CentOS Stream: Shared Space
> ---
>
> * Red Hat Engineering decisions with community input
> * Pull requests from the community, approval from Red Hat engineers
> * Red Hat-provided and maintained infrastructure
> * Red Hat quality engineering with partner and community involvement
> * Community support
> * no cost
>
>
> Red Hat Enterprise Linux: Product Space
> ---
>
> * Red Hat Engineering decisions with customer input
> * Red Hat engineers and only RH engineers do the work
> * Red Hat infrastructure
> * Red Hat quality engineering (mostly done in Stream, though)
> * Enterprise support
> * Subscription, including low- and no-cost options
>
>
> Previously, we had a whole convoluted thing which people tried to describe
> in terms of MC Escher paintings. This is far better, and Fedora is in a
> better place. In the earlier setup, CentOS _was_ sometimes positioned as a
> competitor (although generally, those of us working in the actual Fedora and
> CentOS communities didn't have any interest in playing that game.)

Agree with Matthew fully here.  We've been working rather hard
internally to adjust the development process for RHEL to be more
collaborative and open than it ever has before.

josh
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

CentOS Stream, RHEL, and Fedora [was Re: What is Fedora?]

[Matthew Miller]

>> ELN is a build of (some) Fedora packages with EL-specific options, so
>> it requires Fedora.
> ELN can exist off an internal non fedora tree. Just depends who is
> updating the tree.

Sure, but... that's the _opposite_ of the direction things are going.
Previously, what happened to make a major RHEL release was:

1. Some Fedora Linux Release -> an internal bootstrap
2. ...  a year or so of secret work ... 
3. RHEL Beta
4. RHEL Release   
5. CentOS Linux rebuild
6. Internal RHEL build process, internal work on minor release
7. RHEL updates appear in publiuc
8. CentOS Linux rebuilds of those.

There's no connection to Fedora beyond the intial fork, and a lot of work
done inside Red Hat without any transparency.


Now, CentOS Stream brings that to the surface:

1. Fedora Rawhide continually updated
2. ELN maintained in parallel, as part of Fedora
3. At some point, ELN branched to new CentOS Stream
4. ... a year or so of CentOS Stream development in public ...
5. RHEL Beta forked from that, released
6. Work on RHEL updates visible in CentOS Stream
7. Updates appear in CentOS Stream
8. Updates released to RHEL

Note that with CentOS Stream 10 / RHEL 10, step 3 here will _maintain git
history from Fedora, which is a big improvement in preserving all of the
incredible, valuable work from Fedora contributors.

All of this is the exact opposite of Red Hat preparing to make some new base
for RHEL. Additionally, this model provides a clean path for
Red-Hat-opinionated decisions to differ from those we make from Fedora. Take
BTRFS as an example. Or, the increase in CPU baseline. Like this:


Fedora Linux: Community Space
-

* Community engineering decisions
* No special code privileges due to your employer
* Community-run infrastructure with RH investment, significant resources
  from Amazon, contributions from other companies
* Community quality engineering with RH investment
* Community support
* No cost


CentOS Stream: Shared Space
---

* Red Hat Engineering decisions with community input
* Pull requests from the community, approval from Red Hat engineers
* Red Hat-provided and maintained infrastructure 
* Red Hat quality engineering with partner and community involvement
* Community support
* no cost


Red Hat Enterprise Linux: Product Space
---

* Red Hat Engineering decisions with customer input
* Red Hat engineers and only RH engineers do the work
* Red Hat infrastructure
* Red Hat quality engineering (mostly done in Stream, though)
* Enterprise support
* Subscription, including low- and no-cost options 


Previously, we had a whole convoluted thing which people tried to describe
in terms of MC Escher paintings. This is far better, and Fedora is in a
better place. In the earlier setup, CentOS _was_ sometimes positioned as a
competitor (although generally, those of us working in the actual Fedora and
CentOS communities didn't have any interest in playing that game.) 



-- 
Matthew Miller

Fedora Project Leader
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue