Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I went through the Rocks Cluster cycles in 3, 4, and 5 with SLC and Scientific until those fell by the wayside.

Rocky is the underdog you want to win.

Alma is the leader except in terms of security update latency.

The problem is that Cent 8/9 Stream has quicker critical CVE patches because it's essentially the source and is closer to mirroring RHEL.

It's hard to convince corporate folks to use Alma when Cent is still the "safer" choice technologically and provides continuity even if its governance and lifecycle maybe worse.



Apperantly stream is the slowest. https://news.ycombinator.com/item?id=33905616


Not exactly. For most CVEs, CentOS Stream gets them months before RHEL and RHEL clones. But CVEs rated important/critical (or otherwise embargoed) are required to go out to RHEL customers first. Once the fix is live for RHEL customers, two things happen more or less simultaneously:

- The RHEL package source with the fix is published, allowing clone distros to start their rebuild work. - RHEL maintainer starts working on the fix for CentOS Stream in public. This may or may not be the same patch as what was released in RHEL, depending on whatever other changes have already happened in CentOS Stream.

These tasks are not the same and take different amounts of time. On top of that, the release pipelines to get the fix out to users are different between the various distros. Sometimes the fix is live for CentOS Stream before the rebuilds, sometimes after. There were some notably slower exceptions with CentOS Stream 8 in the early days, because CentOS Stream 8 is built "inside out".

https://twitter.com/carlwgeorge/status/1439724296742576130

In CentOS Stream 9 going forward, RHEL maintainers own their CentOS builds and things are working much better. There is work in progress to migrate 8 workflows to match 9.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: