
RHEL has made a new announcement to control the distribution of its source code.

Discussion in 'CentOS, Redhat & Oracle Linux News' started by rdan, Jun 22, 2023.

  1. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    10:38 PM
    Mainline
    10.2
    I saw this post from LET:
    https://lowendtalk.com/discussion/1...the-distribution-of-centos-stream-source-code


    More information is here:
    Furthering the evolution of CentOS Stream
    https://twitter.com/RedHat/status/1671489504186646529
    https://twitter.com/AlmaLinux/status/1671556693308604417
    https://twitter.com/resforg/status/1671555154846285831

    It makes me think going to Alma or Rocky is scary in the long run.
    I have no Alma/Rocky 8 installed on production yet.
     
  2. eva2000

    eva2000 Administrator Staff Member

    51,912
    11,972
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,469
    Local Time:
    12:38 AM
    Nginx 1.25.x
    MariaDB 10.x
    edit: July 17, 2023 perspective from a Percona employee on AlmaLinux's direction https://community.centminmod.com/th...on-of-its-source-code.23903/page-3#post-96800

    edit: July 13, 2023 AlmaLinux response https://community.centminmod.com/th...on-of-its-source-code.23903/page-3#post-96765

    edit: July 11, 2023 Oracle's response https://community.centminmod.com/th...on-of-its-source-code.23903/page-3#post-96720

    edit: June 30, 2023 update on how Rocky Linux is going to obtain the RHEL sources legally https://community.centminmod.com/th...on-of-its-source-code.23903/page-2#post-96594

    Just beat me to the post :)

    Yeah introduces uncertainty for RHEL derivatives like AlmaLinux, Rocky Linux etc. But from what I understand all this means is derivatives, at worst, won't be 1:1 binary alike compared to RHEL binaries as they'd have to be based off of CentOS Stream sources. So basically, you needed to run off CentOS Stream source code in some form. I never intend to use RHEL itself so 1:1 binary matches aren't a concern for me. For commercial users who use a mix of RHEL and free derivatives that might be?

    Maybe silver lining for derivatives is they can now offer up newer versions of packages without concern for 1:1 binary matching to RHEL? This will allow derivatives to differentiate themselves from RHEL as they'd no longer be tied to 1:1 binary matching? But at the expense of more time and effort compared to before this change?

    Pretty sure there's enough commercial/financial incentive for derivatives to survive so a solution will be found - which may just involve more backend work for them. Will be an interesting ride to wait and see!
     
    Last edited: Jul 17, 2023
  3. eva2000

    eva2000 Administrator Staff Member

    Keep an eye on their forums too
    From Rocky Linux forums https://forums.rockylinux.org/t/has-red-hat-just-killed-rocky-linux/10378/2?u=eva2000

    From etherpad notes
    For Kernel comment, AlmaLinux folks have their own CloudLinux OS and KernelCare so they definitely know enough about keeping Kernels up to date :)
     
  4. eva2000

    eva2000 Administrator Staff Member

  5. buik

    buik “The best traveler is one without a camera.”

    1,962
    513
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,632
    Local Time:
    4:38 PM
    I unfortunately predicted this back in 2021. Not to act tough that I am right now. Or that I'm now mr big show: Effectively CentOS Stream would be renamed to CentOS. But more that the impact would be too great, when Red Hat - Suddenly closed CentOS 8 and also immediately limited access to the source code, simultaneously.

    Fact that billion-dollar companies like Rakuten are sitting on Rocky. And Red Hat is still losing a lot of money, just shows that they are trying to squeeze more and more options so that all these big customers will buy directly from Red Hat.

    Advantage on the other hand. Rocky needs to deliver with big clients like Rakuten. So they will probably come up with a solution. Besides, paid customers still get the source. So then you grab the cheapest license for 1 single CPU and you're still there. Or you file a lawsuit. Red Hat uses open source code and because of the OSS license, is obliged to disclose the source.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Yeah ultimately money talks. But money is also probably what will motivate and assist the derivatives and large corporations that rely on them to find a solution :)

    Going to be interesting times ahead. I just witnessed on AlmaLinux chat a CentOS Stream/RHEL package maintainer quit and stop maintaining his packages in protest of RHEL's announcement but eventually was persuaded to transfer ownership of the packages for someone else to maintain. I wonder if RHEL really has thought this through as they also rely on a lot of free/volunteer package code contributors and maintainers as well. Push folks far enough, and they probably will fight back.
     
  7. buik

    buik “The best traveler is one without a camera.”

    A RHEL package maintainer is most likely or in this case was most likely employed by Red Hat.
    If your contract states that you maintain x number of RHEL packages and refuse to do so.

    Then you are committing breach of contract. I don't know the situation in the US, exactly. But in Belgium and the Netherlands refusal to work means a possibility of instant dismissal by the employer. And then, quite simply a colleague is going to do your job.

    The advantage of open source is that Red Hat copies the source. Actually, you don't need volunteers for that. It looks like owner IBM is cutting heavily into this sponsored work. Workers can fight back. But in fact, there are very few jobs in open source land anno 2023.

    Why would an employee hire expensive paid programmers, with much of their delivered work going back to anyone who wants it. So too the competitors. Most apps and services are web based and proprietary software for a reason.
     
  8. buik

    buik “The best traveler is one without a camera.”

    Update: AlmaLinux is going to use and filter Stream and Oracle Linux sources to deliver security updates in the near future. "These updates will be carefully curated to ensure they are 1:1 compatible with RHEL".

    As their board is currently discussing about the next steps for AlmaLinux at this time. I am very curious to see what AlmaLinux and other forks will come up with, as solution. Because there are quite a few RHEL forks that all have the serious problem. As the single code source is closed now.
     
  9. eva2000

    eva2000 Administrator Staff Member

    Yeah Rocky Linux also provided their first official response too https://rockylinux.org/news/2023-06-22-press-release/.

    Looks like AlmaLinux and Rocky Linux are committed to 1:1 binary compatibility with RHEL still - that is A LOT more work with RHEL's announced changes to remove public CentOS 8/9 repos from git.centos.org and only provide CentOS 8/9 Stream repos to non-paying/subscribing RHEL folks. There's enough financial backing/incentive and technical know-how in both Rocky Linux and AlmaLinux camps to make it work.

    RHEL changes will impact a lot of folks, including the entire web hosting industry with control panels like cPanel, Plesk, DirectAdmin and Centmin Mod and the like. Interestingly Amazon Linux 2023 is based off of Fedora and isn't impacted I believe.
     
  10. buik

    buik “The best traveler is one without a camera.”

    Yup, that is ALOT more work.
    From now on I think that several RHEL clones will start to disappear. Perhaps even that only Oracle, Alma and Rocky will remain. 1:1 binary compatibility with RHEL, obviously does not mean that everything is completely equal. It is 100% compatible. "Oracle Linux (OL) is 100% binary compatible with Red Hat Enterprise Linux (RHEL)". But Oracle does add own additional non-upstream code.

    There are a number of options just quickly popped out of my mind.

    - The current forks are soft forking Oracle Linux without Oracle changes, debloating Oracle changes and rebase/mix Red Hat code from Stream and the RHEL SRPM's. Those SRPM's are still available through the Red Hat paid customer portal. Then you don't literally rebuild the RHEL SRPMs, which Red Hat's paid consumers terms and conditions do not allow you to literally distribute them. But copy out the GPL code and inject it into the Oracle SRPMs. It is not without risk either, as long as Oracle's source is open, because there is no reason for them, now that Red Hat has closed its doors.

    I don't believe Red Hat has much influence on this: "RHEL changes will impact a lot of folks, including the entire web hosting industry with control panels like cPanel, Plesk, DirectAdmin". All the panels you mention already can run on Debian/Ubuntu as well.

    The biggest problem and impact on the shared hosting industry are the absurd price increases for shared hosting panels. The examples you mention have become incredibly expensive. Then you need the additional CloudLinux OS otherwise your server will crash sometime with noisy neighbours. Then extra backup software, auto-installer for web-software like Softaculous, all-in-one billing and automation platform, kernel-care or equivalent, chat feature etc etc. A server with power costs almost nothing anymore. You spend so much money on software. That shared hosting for unknown no longer pays off.

    Perhaps it could be profitable for some large private customers, where you want easy management and almost no looking back. That could be a good use case. But for shared hosting that it is normally intended for (low-end). Shared hosting is a thing of the past for that, though.

    Don't worry.
    That's what the Centminmod community and Alma's and Rocky's are for.
    It always works out.
     
  11. eva2000

    eva2000 Administrator Staff Member

    Yeah only RHEL derivatives with financial and technical resources will survive

    I wonder if it would be less work if Oracle, AlmaLinux and Rocky Linux combine their CentOS Stream cherry picking git tracking efforts so they at least make their respective OS binaries 1:1 binary compatible?

    Yeah but I'd suspect the majority would still be RHEL derivative/cloned based? That's just the feeling I get from frequenting those other control panels' community forums/discussions.

    Yeah just makes the case for VPS prices more digestible :)

    Yeah pretty much wait and see right now.

    My probably misguided silver lining when I first read this news was that finally the RHEL derivative/clones have a bit more wiggle room to do their own thing package/versions wise if they aren't tied to the goal of 1:1 RHEL binary compatibility i.e. more work on newer Linux Kernels native to the OS etc. But looks like AlmaLinux and Rocky Linux are both committed to 1:1 RHEL binary compatibility.

    For the less technical folks reading on, the equivalent for Centmin Mod is without the requirement for Nginx and PHP-FPM binaries to be 1:1 the same as RHEL/CentOS provided ones, Centmin Mod Nginx and PHP-FPM binaries are allowed to be built with more flexibility in what compiled configurations and settings it can support.
     
  12. buik

    buik “The best traveler is one without a camera.”

    Of course, it is less work if you divide tasks.
    But hey, they are competitors overall for a reason.

    Otherwise Alma and Rocky could have started a project together.
    Oracle has been around since EL4 so I'll leave that one out for now.

    Oracle is damn large with c. 164,000 employees. That company is so big,
    they probably arrange that themselves. Can work together easily but probably don't want to for various reasons. They simply don't need the other one.

    Alma and Rocky are much smaller. Should work together. Then it is more obvious. That they both undertake something.
     
  13. buik

    buik “The best traveler is one without a camera.”

    Nice. Oracle Linux seems to be not affected as it is releasing the same updates as upstream.
    After the Red Hat statement and without source on git.centos.org (I briefly checked that).
     
  14. eva2000

    eva2000 Administrator Staff Member

    Yeah true. Would need for all parties to see beyond themselves for such cooperation to work. With the latest RHEL changes, maybe it will make all parties wake up and see the need for such cooperation?

    These could be updates from way before this announcement? I sometimes see bug fix updates released like 3-6+ months from when the bug was reported so there could be a long time between the actual RPM builds and release?

    Example for RHEL 8.8 python 2.7 security bug 2173917 – (CVE-2023-24329) python: urllib.parse url blocklisting bypass: the RPM release just came out but the bug was reported 2023-02-28 12:13 UTC by Marian Rehak
     
  15. buik

    buik “The best traveler is one without a camera.”

    That seems unlikely to me and also unmanageable to me for a fork. You can't continually track bugzilla and other media for changes as a fork, without an official release. After all, you don't know what exactly is going to change. Only the developer knows that.

    And you obviously can't access the Red Hat developer's private repo where the project files are either. So it's waiting for Red Hat to release an update.

    It goes or went pretty simply. There is a tracker on Red Hat Errata. The fork sees updates. Syncs git.centos.org. Review any changes to be made (often rebrand related), rebuild the rpm, test, release.
     
  16. eva2000

    eva2000 Administrator Staff Member

    Yeah can only guess :)

    CloudLinux has made their announcement: CloudLinux OS 8 and 9 in post RedHat world

    So they plan to release a free version of CloudLinux 8/9 as an alternative to AlmaLinux/Rocky Linux 8/9 with 10yr security updates for folks not comfortable with using AlmaLinux/Rocky Linux :)

    Interesting approach but they have the talent and financial backing to pull it off.
     
  17. eva2000

    eva2000 Administrator Staff Member

    Redhat's follow up response: Red Hat’s commitment to open source: A response to the git.centos.org changes

    Basically, RHEL doesn't see any value in making it easy for variants like AlmaLinux/RockyLinux to rebuild off RHEL's work anymore
     
  18. buik

    buik “The best traveler is one without a camera.”

    It is the same marketing bla bla as "Stable, Continuous Delivery" and "Always Ready RHEL", which would be as a so-called serious replacement for Stream > RHEL.

    A user on the CentOS forum puts it pretty clearly:

    "The entire premise and the only reason anyone uses CentOS is because it's rebuilt RHEL. Congratulations on undermining that."

    Red Hat is clearly looking for excuses from competitors:

    "SUSE, Canonical, AWS and Microsoft all create Linux distributions with associated branding and ecosystem development efforts. These variants all utilize and contribute Linux source code, but none claim to be “fully compatible” with the others."

    "Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere."

    Now I can start responding to every quote from this Red Hat Vice President. Naming it as "a real danger", while you yourself use, and have become very big as company on someone else's open source code. Is highly debatable.

    This post only creates more whining. So very questionable post, it just shows that they don't mention the real reason. And we have discussed the real reason many times in the CentOS EOL topic.
     
  19. cloud9

    cloud9 Premium Member Premium Member

    423
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +216
    Local Time:
    3:38 PM
    1.25.3
    10.6.x
    Regards CloudLinux, I used it for many years v7, found it rock solid, updates for security always good and their support was excellent, within hours, haven't used it for some 3 years now but was a long time customer when I had co-located dedicated servers.....

    With regards RHEL and CentOS - somewhere down the line it will be "all about the money" (in my opinion) as that's generally the bottom line with big corporations......
     
  20. eva2000

    eva2000 Administrator Staff Member

    Yeah Jeff touched on this point too in his video



    Yeah I haven't used CloudLinux yet so will be interesting