> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <centos at centos.org>: > > ?Am 01.08.20 um 23:41 schrieb Kay Schenk: >> Well misery loves company but still...just truly unfathomable! >> Time for a change. > > > I can only express my incomprehension for such statements! > > Stay and help. Instead running away or should I say out of the > frying pan and into the fire? :-)The thing, RHEL and CentOS not properly testing updates, cost me at minimum 3-4 full working days, plus losses at customer sites. This is really a huge failure of RHEL and CentOS. A lot of trust has been destroyed.> > -- > Leon > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
It appears that it is affecting multiple distributions including Debian and Ubuntu so it looks like the grub2 team messed up. See https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ Mike On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:> > >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <centos at centos.org>: >> >> ?Am 01.08.20 um 23:41 schrieb Kay Schenk: >>> Well misery loves company but still...just truly unfathomable! >>> Time for a change. >> >> >> I can only express my incomprehension for such statements! >> >> Stay and help. Instead running away or should I say out of the >> frying pan and into the fire? :-) > > The thing, RHEL and CentOS not properly testing updates, cost me at minimum 3-4 full working days, plus losses at customer sites. > > This is really a huge failure of RHEL and CentOS. > > A lot of trust has been destroyed. >> >> -- >> Leon >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
" UEFI-related updates have had a history of making devices unusable, and
vendors will need to be very cautious."
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
The fix for this vulnerability is complex and the fix will have different
results on different machines. The volunteers that support CentOS do the very
best they can to test patches, but they can't possibly test for everything.
If people have problems with the way patches are tested, maybe they should step
up to the plate and become part of the solution.
We should be offering our thanks to those who donate their time and energy to
supporting the CentOS project.
Andrea
-----Original Message-----
From: CentOS <centos-bounces at centos.org> On Behalf Of Mike McCarthy,
W1NR
Sent: Saturday, August 1, 2020 5:42 PM
To: centos at centos.org
Subject: {EXTERNAL} Re: [CentOS] Boot failed on latest CentOS 7 update
CAUTION:??This email originated outside of BSWH; avoid action unless you know
the content is safe. Send suspicious emails as attachments to BadEmail at
BSWHealth.org.
It appears that it is affecting multiple distributions including Debian and
Ubuntu so it looks like the grub2 team messed up. See
https://urldefense.com/v3/__https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0b7TaqLKl4zP1mQ_QRA$
Mike
On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:>
>
>> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <centos at
centos.org>:
>>
>> ?Am 01.08.20 um 23:41 schrieb Kay Schenk:
>>> Well misery loves company but still...just truly unfathomable!
>>> Time for a change.
>>
>>
>> I can only express my incomprehension for such statements!
>>
>> Stay and help. Instead running away or should I say out of the frying
>> pan and into the fire? :-)
>
> The thing, RHEL and CentOS not properly testing updates, cost me at minimum
3-4 full working days, plus losses at customer sites.
>
> This is really a huge failure of RHEL and CentOS.
>
> A lot of trust has been destroyed.
>>
>> --
>> Leon
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo
>> /centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB
>> _0b7TaqLKl4zPsGV6qgw$
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/
> centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0
> b7TaqLKl4zPsGV6qgw$
>
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0b7TaqLKl4zPsGV6qgw$
**********************************************************************
The information contained in this e-mail may be privileged and/or confidential,
and protected from disclosure, and no waiver of any attorney-client, work
product, or other privilege is intended. If you are the intended recipient,
further disclosures are prohibited without proper authorization. If you are not
the intended recipient (or have received this e-mail in error) please notify the
sender immediately and destroy this e-mail. Any unauthorized copying, disclosure
or distribution of the material in this e-mail is strictly forbidden and
possibly a violation of federal or state law and regulations. The sender and
Baylor Scott & White Health, and its affiliated entities, hereby expressly
reserve all privileges and confidentiality that might otherwise be waived as a
result of an erroneous or misdirected e-mail transmission. No employee or agent
is authorized to conclude any binding agreement on behalf of Baylor Scott &
White Health, or any affiliated entity, by e-mail without express written
confirmation by the CEO, the Senior Vice President of Supply Chain Services or
other duly authorized representative of Baylor Scott & White Health.
Another ZDNet story on the issue: https://www.zdnet.com/article/red-hat-enterprise-linux-runs-into-boothole-patch-trouble/
I use debian buster on my old notebook, an asus f3ja and I have not grub throuble. I try a virtual mschine with testing and unstable, and both boot regularly Il dom 2 ago 2020, 00:42 Mike McCarthy, W1NR <sysop at w1nr.net> ha scritto:> It appears that it is affecting multiple distributions including Debian > and Ubuntu so it looks like the grub2 team messed up. See > > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > Mike > > On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote: > > > > > >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS < > centos at centos.org>: > >> > >> ?Am 01.08.20 um 23:41 schrieb Kay Schenk: > >>> Well misery loves company but still...just truly unfathomable! > >>> Time for a change. > >> > >> > >> I can only express my incomprehension for such statements! > >> > >> Stay and help. Instead running away or should I say out of the > >> frying pan and into the fire? :-) > > > > The thing, RHEL and CentOS not properly testing updates, cost me at > minimum 3-4 full working days, plus losses at customer sites. > > > > This is really a huge failure of RHEL and CentOS. > > > > A lot of trust has been destroyed. > >> > >> -- > >> Leon > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> https://lists.centos.org/mailman/listinfo/centos > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Mike -- Thanks for the clarification and more information. _______________________ Sent from MzK's phone. On Sat, Aug 1, 2020, 15:42 Mike McCarthy, W1NR <sysop at w1nr.net> wrote:> It appears that it is affecting multiple distributions including Debian > and Ubuntu so it looks like the grub2 team messed up. See > > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > Mike > > On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote: > > > > > >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS < > centos at centos.org>: > >> > >> ?Am 01.08.20 um 23:41 schrieb Kay Schenk: > >>> Well misery loves company but still...just truly unfathomable! > >>> Time for a change. > >> > >> > >> I can only express my incomprehension for such statements! > >> > >> Stay and help. Instead running away or should I say out of the > >> frying pan and into the fire? :-) > > > > The thing, RHEL and CentOS not properly testing updates, cost me at > minimum 3-4 full working days, plus losses at customer sites. > > > > This is really a huge failure of RHEL and CentOS. > > > > A lot of trust has been destroyed. > >> > >> -- > >> Leon > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> https://lists.centos.org/mailman/listinfo/centos > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Questions re this statement in the ZDNET article -- "In all cases, users reported that downgrading systems to a previous release to reverse the BootHole patches usually fixed their problems." A previous release of what? GRUB2 So that's my first question. Second. I'm assuming the the muti-screen UEFI settings I see are standard for more recent BIOS -- not sure of version. Do we have any guidance for that? If it is the case that a downgrade to previous grub2 can fix the problem -- and not latest kernel? Does this matter? -- maybe booting from your chosen "rescue" option AND reinstalling older grub (somehow) can get us further along. _______________________ Sent from MzK's phone. On Sat, Aug 1, 2020, 15:42 Mike McCarthy, W1NR <sysop at w1nr.net> wrote:> It appears that it is affecting multiple distributions including Debian > and Ubuntu so it looks like the grub2 team messed up. See > > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > Mike > > On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote: > > > > > >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS < > centos at centos.org>: > >> > >> ?Am 01.08.20 um 23:41 schrieb Kay Schenk: > >>> Well misery loves company but still...just truly unfathomable! > >>> Time for a change. > >> > >> > >> I can only express my incomprehension for such statements! > >> > >> Stay and help. Instead running away or should I say out of the > >> frying pan and into the fire? :-) > > > > The thing, RHEL and CentOS not properly testing updates, cost me at > minimum 3-4 full working days, plus losses at customer sites. > > > > This is really a huge failure of RHEL and CentOS. > > > > A lot of trust has been destroyed. > >> > >> -- > >> Leon > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> https://lists.centos.org/mailman/listinfo/centos > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:> It appears that it is affecting multiple distributions including Debian > and Ubuntu so it looks like the grub2 team messed up. See > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > Mike > > On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote: >> >>> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <centos at centos.org>: >>> >>> ?Am 01.08.20 um 23:41 schrieb Kay Schenk: >>>> Well misery loves company but still...just truly unfathomable! >>>> Time for a change. >>> >>> I can only express my incomprehension for such statements! >>> >>> Stay and help. Instead running away or should I say out of the >>> frying pan and into the fire? :-) >> The thing, RHEL and CentOS not properly testing updates, cost me at minimum 3-4 full working days, plus losses at customer sites. >> >> This is really a huge failure of RHEL and CentOS. >> >> A lot of trust has been destroyed.Hi Mike, I'm not interested that the issue is present on Debian, Ubuntu and the others. Currently I'm using CentOS, I'm a CentOS user and currently I'm interested what is happening on CentOS because I have machines that runs CentOS. If the "wrong" patch was not pushed as update so fast (maybe waiting more time before release with more testing to get all cases [yes because when you update grub and depending on the fix you can break a system easily]) there would have been no problem, by the way I prefer wait some days (consider that I can accept the release delay of minor/major release) then break my systems...and without messages on ML announces about this type of problem does not help. Sorry I can't know what and when a packages is updated, why it is updated, what type of problem (CVE) it suffers and do my reasoning for an update process. This is a missing for me but I still use centos and I should not need a RHEL account to access to get advisories and see what applies on CentOS (6,7,8 and Stream). Many of us, choose CentOS due to its stability and enteprise-ready feature (and because is partially/enterely backed by RH). Due to actual problem, many server and workstation died and it's normal that some user said "A lot of trust has been destroyed." because they placed a lot of trust on the pro-redhat support. On the other side, all of us can fall in error and this is the case (like me that I updated blindy, so its also my fault not only the broken update). Only one error in many years could not destroy a distro and its stability reputation (I think and correct me if I'm wrong) and I hope it won't happen again.