On 1/13/22 1:01 PM, Gordon Messmer wrote:
> On 1/13/22 09:32, Valeri Galtsev wrote:
>> In layman's language summary: RedHat Enterprise features (including
>> "live" kernel patching) are to be expected _only_ in RedHat Enterprise
>> "binary replica" distributions, which CentOS Stream is not.
>
> I don't think that's true, exactly. As far as I know, rebuild
> distributions never had the "Enterprise" features*. Critically, I think
> that a lot of people mistakenly believed that CentOS *did* have
> Enterprise features, because it was rebuilt from RHEL code, and that
> misunderstanding underlies a great deal of the negative response toward
> CentOS Stream.

Thanks for correcting my layman's representation. It should have better said that "binary replica" is "binary compatible" in a sense whatever software distributed as binary for RHEL will work the same on "binary replica". I guess my views and wordings got skewed by latest changes of CentOS paradigms.

> *: "Enterprise" features include but are not limited to:
>
> 1. Minor releases with independent life cycles / Extended Update Support
> 2. Classification for updates (security, bugfix, enhancement)
> 3. Live patching for kernel security vulnerabilities

We never had it in CentOS in the past, but I'm just curious: is live patching proprietary piece of RHEL? I know there are several solutions, way back there was paid one called splice, my Boss's son was one of the developers of that. Just curious, as, if it is paid, it is stripped off as part of CentOS composition, but if it is not paid, open source, then it would "just work", or not?

> 4. Support

Oops, as features I meant functionality of CentOS, nothing beyond that.

Valeri

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
--On Thursday, January 13, 2022 2:10 PM -0500 Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> We never had it in CentOS in the past, but I'm just curious: is live
> patching proprietary piece of RHEL? I know there are several solutions,
> way back there was paid one called splice, my Boss's son was one of the
> developers of that. Just curious, as, if it is paid, it is stripped off
> as part of CentOS composition, but if it is not paid, open source, then
> it would "just work", or not?

Indeed, we're talking the software versus the organization. I never expected CentOS the organization to provide anything more than repackaging (rebuilding and mirroring). For kernel patching, there's the matter of rebuilding and distributing the patches, and then whether the software can do anything with that. If it's proprietary, the issue is moot. But maybe it's like the update classification and differentiation, which was never implemented for CentOS, because of the extra effort the organization would have to provide.
On Thu, Jan 13, 2022 at 2:13 PM Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> On 1/13/22 1:01 PM, Gordon Messmer wrote:
> > On 1/13/22 09:32, Valeri Galtsev wrote:
> >> In layman's language summary: RedHat Enterprise features (including
> >> "live" kernel patching) are to be expected _only_ in RedHat Enterprise
> >> "binary replica" distributions, which CentOS Stream is not.
> >
> > I don't think that's true, exactly. As far as I know, rebuild
> > distributions never had the "Enterprise" features*. Critically, I think
> > that a lot of people mistakenly believed that CentOS *did* have
> > Enterprise features, because it was rebuilt from RHEL code, and that
> > misunderstanding underlies a great deal of the negative response toward
> > CentOS Stream.
>
> Thanks for correcting my layman's representation. It should have better
> said that "binary replica" is "binary compatible" in a sense whatever
> software distributed as binary for RHEL will work the same on "binary
> replica". I guess my views and wordings got skewed by latest changes of
> CentOS paradigms.
>
> > *: "Enterprise" features include but are not limited to:
> >
> > 1. Minor releases with independent life cycles / Extended Update Support
> > 2. Classification for updates (security, bugfix, enhancement)
> > 3. Live patching for kernel security vulnerabilities
>
> We never had it in CentOS in the past, but I'm just curious: is live
> patching proprietary piece of RHEL? I know there are several solutions,
> way back there was paid one called splice, my Boss's son was one of the
> developers of that. Just curious, as, if it is paid, it is stripped off
> as part of CentOS composition, but if it is not paid, open source, then
> it would "just work", or not?

RHEL's kernel live patching uses upstream open source kpatch. The sources to the kpatches are delivered in customer facing CDN repos at the same time as the kpatch itself.

We do not use proprietary code to produce or apply the kpatches. I can only speculate on whether RHEL kpatches would work on a CentOS kernel, but my assumption is that they would not due to how they are signed.

josh