[dralley]

Disclaimer: I work for Red Hat

>CentOS makes the Beta & RC testing and RedHat gets more thoroughly tested patches and, that's it. CentOS is moving to a Debian Testing meets Arch Linux position. It's neither stable as Debian Testing, Nor supported like Arch and lacks any official support and possibly no security patch support.

This isn't correct.

Debian Testing is a true rolling release distribution for the next "major" version of Debian. If you install Debian testing, what you're getting is a hybrid between Debian N and Debian N+1, with package versions that at any point in time may or may not be similar to those in _either_ Debian N or Debian N+1, since they get continually updated up until the stabilization phase.

That is not what CentOS Stream is.

CentOS Stream is a rolling release for the next minor (_not_ major) release of RHEL, and follows the same development process, including the exact same CI and testing scrutiny that was required to update a package in RHEL internally. It's basically taking the development process which used to be internal, and opening it up to everyone else.

Unlike Debian Testing, CentOS Stream is _not_ a hybrid between major releases of RHEL (say, RHEL 8 and RHEL 9). It's frozen to a major release. So CentOS Stream 8 will track the development of RHEL 8.3, 8.4, 8.5 and so on, and CentOS Stream 9 will track the development of RHEL 9.1, 9.2, 9.3 and so on. And like both RHEL and current CentOS, that means that the updates will only fall into the categories of backported bugfixes, security fixes, support for new hardware, and on very rare occasions individual backported features.

This is more significantly stable than Debian Testing - it is less "Debian Testing meets Arch" but rather "old CentOS meets Debian Testing".

Where did you hear that CentOS Stream didn't receive security patches? That is not true...

[bayindirh]

Daniel, thanks for the comment and clarifications in (Googled your twitter account for your first name, hope that's OK).

Actually, the initial communication of this issue was so vague from our perspective, so this is what I and my colleagues understood.

Again, thanks for clarifying, because I personally don't want to bash CentOS, but want to understand what's happening and continue to use it. Maybe it would be beneficial to disseminate this in a more visible and more understandable way.

> And further - where did you hear that CentOS Stream didn't receive security patches? That false...

I didn't hear, but as I said, CentOS Stream was presented as a proving-grounds distribution and, I understood that it'll receive security updates in a best-effort basis.

The news came in a crashing way and the initial roadmap didn't communicated well to the outside world in the beginning. To be frank, a lot of people felt betrayed by IBM/RH. When a company announces a big paradigm shift and cuts the support for the latest release at the end of the year without further explanation besides marketing speak, thinking otherwise is pretty hard.

Hope you understand the frustration.

Cheers

[google234123]

You don't actually have to use someone's personal info just because you have it BTW. Just saying thanks is enough.

[bayindirh]

I just wanted to be kind, sincere, and asked his permission explicitly in my comment I presume. At least it was my intention.

If he wanted me to remove it, I would have happily done so.

Also, I just pasted his nick to Google and it came on top. So I presume he didn’t try to hide his name. If I have sensed the contrary, I would not dig one step further.

[panarky]

"Asking for permission", while simultaneously doing the thing you're asking permission for, without waiting for a response, is not actually asking for permission.

[dralley]

No worries.

[kbrwn]

> where did you hear that CentOS Stream didn't receive security patches? That is false...

It's not false under the context of long term support which is why I highlighted so in the OP. How long will each CentOS Stream release be supported? How long with each CentOS Stream release receive security patches?

[dralley]

5 to 5.5 years - the same as RHEL "full support" phase.

[kbrwn]

5 years is half of the Ubuntu LTS and the previous CentOS Linux lifecycle. This is why many consider CentOS Stream to be a significant departure from CentOS Linux. Not saying it is a bad OS but it is no longer a free Linux operating system with long term support.

[dralley]

>5 years is half of the Ubuntu LTS

No it isn't. Ubuntu LTS is supported for 5 years.

https://ubuntu.com/blog/what-is-an-ubuntu-lts-release

>An Ubuntu LTS is a commitment from Canonical to support and maintain a version of Ubuntu for five years.

---

>Not saying it is a bad OS but it is no longer a free Linux operating system with long term support.

Ubuntu LTS is suppored for 5 years, Debian Stable is supported for 5 years, and OpenSUSE Leap is supported 5 years (as far as I can tell - the only documentation I found said "up to" 60 months).

CentOS Stream absolutely provides "long term" support.

[kbrwn]

Ubuntu LTS has an additional 5 years of security support through Extended Security Maintenance thus giving LTS releases a full 10 year lifecycle. https://ubuntu.com/about/release-cycle

[dralley]

Which you have to pay for, just like RHEL.

>ESM is available through an Ubuntu Advantage for Infrastructure subscription for physical servers, virtual machines, containers and desktops, and is free for personal use.

https://ubuntu.com/security/esm

Note that if you click through "personal use" means "up to 3 machines" and obviously doesn't apply to infrastructure. RHEL has free "personal use" subscriptions too, except they apply to up to 16 machines.

And also:

> Initially, free subscription is available for Ubuntu 14.04 LTS only.

[fomine3]

> Unlike Debian Testing, CentOS Stream is _not_ a hybrid between major releases of RHEL (say, RHEL 8 and RHEL 9). It's frozen to a major release.

Thanks, I recognized it first! It should be more clearly advertised.