LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2017

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA ... on SL6.x and Older
From:	David Sommerseth <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 25 Sep 2017 01:32:28 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (58 lines)

On 23/09/17 21:52, Keith Lofstrom wrote:
> 
> This isn't in RedHat's best interest.  They want to keep
> selling software, and benefit from churn.

This is misguided.

"Our mission is to be the catalyst in communities of customers,
contributors, and partners creating better technology the open source way."
- Red Hat's mission statement
  source: <https://www.redhat.com/en/about/company>

Red Hat does not sell software.  They sell subscriptions, which enables
updates.  They sell support, of packages they have shipped.  They sell
consultancy services, to help you setup a proper infrastructure for your
needs.  They sell training courses, so you can use the software they
ship in the best way.  But they do not sell software.

Everything Red Hat does these days are open source.  And if it isn't,
they are working to complete the transition to open source it.
<https://opensource.com/article/16/12/why-red-hat-takes-upstream-first-approach>

Their latest efforts in this regard:
<https://opensource.com/article/17/9/ansible-announces-awx-open-source-project>

*This* is what Scientific Linux builds upon, a distribution based on the
source RPMs provided by Red Hat.

So to your other comment:

> In a larger sense: how much work is it to semi-automate
> the process of backporting all these security fixes from
> SL6 and SL7 to earlier distros? 

TL;DR summary: Probably much more than you would imagine.

That is not fully realising what Red Hat does to software they ship
through the Enterprise range of products.

- Development (upstream involvement and/or bug/security fixing)
- Packaging (ensuring the RPM packages is functional)
- QA (regression testing on lots of different hardware platforms, RHEL
  distributions, upgrade/downgrade/fresh-install/removal of RPM
  packages, etc, etc)
- Support of the code being shipped

And in many cases the regression tests consists of several hundred test
cases.  Naturally, not all these bullet points relates to what SL does.
But the majority of them do.  Which is why RHEL (and thus SL implicitly)
can be quite stable, because the package testing is fairly comprehensive
and done before each release of a new update.

-- 
kind regards,

David Sommerseth

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV