this post was submitted on 20 Jul 2023
16 points (94.4% liked)

Linux

50365 readers
1292 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
16
Red Hat refuses Alma's CVE patches to CentOS Stream; says "no customer demand" (i.redd.it)
submitted 2 years ago* (last edited 2 years ago) by cleric_splash@lemmy.world to c/linux@lemmy.ml
27 comments fedilink hide all child comments
 

https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/5

all 29 comments
sorted by: hot top controversial new old
[–] yarn@sopuli.xyz 6 points 2 years ago* (last edited 2 years ago) (4 children)

I haven't been really keeping up with this RHEL drama, so I'm probably going to regret making this comment. But about this bug merge request in particular, you have to remember that RHEL's main target audience is paying enterprise customers. It's the "E" right there in RHEL. So stability is a high priority for their developers, since if they accidentally introduce a bug to their code, then they'll have a lot of unhappy paying customers.

The next comment that was cropped out of that screenshot basically explains exactly that. While the Red Hat developers probably appreciate the bug fix, the reality is that the bug was listed as non-critical, and the Red Hat teams didn't have the capacity to adequately regression test and QA the merge request. But the patch was successfully merged into Fedora, so it will eventually end up in RHEL through that path, which is exactly what the Fedora path is for.

The blowup about this particulat bug doesn't seem justified to me. Red Hat obviously can't fix and regression test every single bug that's listed in their bug tracker. So why arbitrarily focus on this one medium priority bug? if it were listed as a critical bug, then yes, the blowup would be justified.

[–] exu@feditown.com 4 points 2 years ago (2 children)

In its blog post Red Hat specifically called out downstream distributions for not contributing anything to the development of RHEL and that they should be making fixes to CentOS Stream. Well, this is a fix for CentOS Stream and Red Hat still doesn't care. They just don't want community contributions.

[–] yarn@sopuli.xyz 2 points 2 years ago (1 children)

CentOS Stream is the staging ground for RHEL. It isn't a bleeding edge distro that can accept any merge request willy-nilly. For the reason why, reread my original comment about the nature of enterprise support.

Fedora is the distro that is more bleeding edge in the RHEL realm. This merge request was more suited for Fedora, and the fix was successfully applied to Fedora. So, I fail to see any irrational actions from Red Hat here.

[–] Flaky@iusearchlinux.fyi 2 points 2 years ago (2 children)

Sounds to me like they messed up the communication between them and the devs. If they directed the PR submitter to Fedora, I think there wouldn't be as much fuel to the fire.

Granted, all the chaos surrounding RHEL does make me a little worried for Fedora. Fedora is not a bad distro by any means, and I don't want to have to not recommend it because of the drama.

[–] Qvest@lemmy.world 1 points 2 years ago

The only thing Red Hat has power over Fedora is its name and infrastructure. Red Hat can't decide for Fedora. Do they have Red Hat employees working for Fedora? Yes, they do, but the employees decide for Fedora, not for Red Hat. Besides, all the telemetry drama is being sorted out in the most open way possible over on Discourse (Fedora Discussion). It is still a 100% community distribution despite a lot of people saying "it is already decided" "Fedora is doomed" etc.

[–] Zeth0s@reddthat.com -1 points 2 years ago

I stopped recommending it. It is a pity, but there are alternatives

[–] jerrimu@lemmy.world 1 points 2 years ago

Not having resources to test it right this second isn't "doesn't care" it's just a lower priority.

[–] gobbling871@lemmy.world 0 points 2 years ago

Maybe you should familiarize yourself with CentOS Stream and its purpose.

[–] digdilem@feddit.uk -1 points 2 years ago

Agree on point of detail, but the "drama" is the reason for the fuss. Redhat's communication, especially to the community that helped build and support it, has always been patchy, but over the past few years it's been apalling. As others have pointed out, they've insulted a lot of us, specifically for not contributing upstream - so it's not unexpected for them to be called on it when someone does.

I think the EL sphere as a whole (including RHEL and all up and downstreams) is getting drastically weakened directly because of Redhat's poor decision making, and that's a shame for all of us.

[–] angrymouse@lemmy.world -1 points 2 years ago* (last edited 2 years ago) (1 children)

But it is also another stab in the community, they took centos that was a community project for them, then transformed this project that was downstream to upstream, then called all other downstream distros a negative net worth cause they don't engage in the process of RHEL, then blocked the acess to this distros to the downstream, then reject the work of this ppl they called net negative without a decent process.

What actually red hat wants?

Centos now is only a beta branch? Ppl who wants derive from centos should be fixing everything downstream and duplicate work cause centos now is just an internal beta from red hat? If yes, why they took the project from the community? I'm not a rpm based distros user but I totally understand why ppl are pissed.

[–] digdilem@feddit.uk -1 points 2 years ago* (last edited 2 years ago)

What actually red hat wants?

All the control and all of the money.

Besides that, I suspect they have no clear vision. And if they do, they are absolutely terrible at communicating that.

[–] PhysicsDad@lemmy.world 5 points 2 years ago (2 children)

Wasn't Red Hat just complaining that Alma and Rocky didn't add value because they weren't submitting fixes upstream?

[–] gomp@lemmy.ml 1 points 2 years ago (1 children)

Its funny how podcasters and commenters seem to have taken Redhat's spin about "contributing value to the community" seriously, while to the rest of us the whole thing was obviously only about money (same as all the follow-ups from other parties... I would say "including Alma" but that would probably deserve its separate debate).

[–] pazukaza@lemmy.ml 0 points 2 years ago* (last edited 2 years ago) (2 children)

— "we don't like people ripping off our work without any added value"

— "Here, let me push this to your staging environment, totally breaking your quality process"

— "No"

— "Well, what the hell do you want broo?"

I don't think they have ever hidden the fact this is about money. I don't like the fact this is about money, but the fact that others were cloning and selling their efforts for a cheaper price is awful.

[–] thebardingreen@lemmy.starlightkel.xyz 1 points 2 years ago

Bro, do you even FOSS?

[–] Dirk@lemmy.ml 2 points 2 years ago

"Your code has an issue here's a fix for that".

Corporate: no.

[–] cognitive@lemmy.ml 2 points 2 years ago (1 children)

Alma should use this as advantage for them. Now market it as "Alma Linux is more secure than RHEL".

[–] Sir_Simon_Spamalot@lemmy.world 0 points 2 years ago

Fuck it, let's go Alma!

[–] fmstrat@lemmy.nowsci.com 1 points 2 years ago (1 children)

And this is why I use Ubuntu server.

[–] skullgiver@popplesburger.hilciferous.nl 1 points 2 years ago* (last edited 1 year ago)

[This comment has been deleted by an automated system]

[–] andruid@lemmy.ml 1 points 2 years ago

I mean obviously for the community this is bad, but I 100% get that doing anything for free is best effort. They don't even need to have this policy 100% of the time to make large orgs using FOSS with no SLA for vulnerability patching sweat. Which frankly they should.

For real, I'm gonna use this as a tactic to say "we shouldn't rely on software without warranty and support, FOSS or proprietary.". Just to get money flowing to devs, because for it's for real reckless to contribute nothing to keeping pieces of your critical infra secure

[–] ZombieZookeeper@lemmy.world 1 points 2 years ago

2023: The Year of the Assholes

[–] OsrsNeedsF2P@lemmy.ml 0 points 2 years ago (1 children)

As someone interviewing for Canonical's Security team (they make you do like 10 interviews, I'm like 5 deep over 3 weeks), I cannot imagine anyone security-minded writing that comment. It either:

  • Comes from higher up
  • Michal doesn't think security is important
[–] MrOzwaldMan@lemmy.ml 0 points 2 years ago (1 children)

Can you prove that your joining Canonical (picture proof), as you know, people can be anything in the internet while they're in their parent's basement.

If you are, what type of interview questions do they ask?

[–] OsrsNeedsF2P@lemmy.ml 0 points 2 years ago (1 children)

I mean sure, here you go. I'm in stage 3 of 4 right now:

[–] MrOzwaldMan@lemmy.ml 1 points 2 years ago

Congrats, I hope you excel in your journey with canonical.