On 28/04/2021 23:28, Jonathan Billings wrote:>> On Apr 27, 2021, at 11:32, Johnny Hughes <johnny at centos.org>
wrote:
>>
>> You would be hard pressed to find many FUNCTIONAL differences between
>> Stream and CentOS Linux // just as you would be hard pressed to find
>> many differences between RHEL 8.2 and RHEL 8.3, for example.
>>
>> Are there some differences? Sure.
>>
>> If people don't want stream, then by all means , use something
else.
>
> This is true within the narrow scope of just CentOS/RHEL, but if, for
example, you rely on ELrepo for kmods for hardware that Red Hat dropped support
for, you?ll be sadly unable to use those kmods on Stream (elrepo isn?t
supporting Stream[1]).
>
> There will also be inconsistencies with other third party repos and
commercial software that focus exclusively on RHEL when Stream gets major
version bumps ahead of RHEL. Certainly it will be an opportunity for those
vendors to get their product working on Stream, so they?ll be prepared for the
next RHEL release.
>
> But this is why people are calling it a beta test for RHEL. Yes, Steam
running with only their core repos and software from within CentOS is tested and
QA?d. But if you want to use Stream in a larger software context, be prepared
for missing support and unexpected breakages. The only use I will consider
Stream for will be as a test for upcoming RHEL releases, not as something I will
ever want actual users to touch. (And maybe that?s ok)
>
> 1.
http://elrepoproject.blogspot.com/2021/01/elrepo-and-centos-stream.html?m=1
>
The other concern for me is security. I've not had time to track CVE's
in detail, but even a cursory look shows there are CVE's which have been
fixed in RHEL8.3 kernel releases which are still not fixed in the latest
Stream release [1] (which if truly upstream of RHEL should presumably
get the fixes first before they are backported to the RHEL point
releases), and others where the fixes eventually appeared weeks or
months later [2]. I know CentOS makes no claims as to security fixes
etc, but at least with RHEL->CentOS Linux rebuild, one could reasonably
expect that when a security issue was fixed in RHEL, CentOS would have
the same release and fix out the door within 24-48h. With Stream we are
seeing delays of months for security fixes in the kernel that have been
released in RHEL. The only time the Stream kernel is comparable to the
RHEL kernel from a security fix viewpoint is once every six months on
the day the next point release fork occurs. This all indicates Stream is
not of production quality and hence why people associate / use the term
beta software.
[1] CVE-2020-25705
[2] CVE-2020-29661