[Discuss] CentOS 6.0 finally passes QA testing

[jarod at wilsonet.com (Jarod Wilson)]

On Jun 17, 2011, at 11:37 PM, Bill Bogstad wrote:

> On Fri, Jun 17, 2011 at 9:54 PM, Jarod Wilson <jarod at wilsonet.com> wrote:
>> On Jun 17, 2011, at 12:27 PM, John Abreau wrote:
>> 
>>> Looks like CentOS 6.0 is finally being released. According to the QA calendar
>>> at
>>> 
>>>    http://qaweb.dev.centos.org/qa/
>>> 
>>> it's due to be pushed out to the download mirrors on Monday, and I assume
>>> this means it should be generally available on Tuesday.
>> 
>> Meanwhile, Red Hat has already released Red Hat Enterprise Linux 6.1, so
>> they're still more than six months behind, and won't be getting most of
>> the the key security fixes that do go into the 6.1 errata update kernels.
> 
> I'm confused by this statement.  I realize that Red Hat is no longer
> distributing kernel
> source in such a way as to allow someone to easily determine what each
> patch does.

It has absolutely nothing to do with that.


> I don't, however, see how this matters if all one wants to do is run
> the 'same' kernel
> as Red Hat.

You can run the "same" kernel as Red Hat Enterprise Linux 6.0. Not 6.1.
Therein lies the problem.


> The monolithic source for the entire Red Hat kernel
> should still be available.

It is. But CentOS isn't in the kernel patching business. They're in the rebuild
only business. And if they're still rebuilding just 6.0 after 6.1 has been
released, then they're not getting the security and bug fixes that are backported
from the 6.2 development tree into 6.1 errata kernels. As far as I know, Red Hat
isn't going to continue patching 6.0 kernels now that 6.1 is released, which
means that CentOS 6.0 users are going to be running kernels with known security
vulnerabilities. I'd take a pass on using that in production, thank you. Use the
real deal, or another clone that is more on top of things.


-- 
Jarod Wilson
jarod at wilsonet.com