The Future of CentOS and Criteria For Choosing a Business Distribution

By Caitlyn Martin
August 5, 2009 | Comments: 62

Over the past week or so CentOS has received a lot of press, much of it rather unflattering. For those not familiar with the Community Enterprise Operating System (which is what CentOS stands for) it describes itself as "an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor." What they can't say on the website is that the vendor in question is Red Hat and that the sources are those for Red Hat Enterprise Linux. What CentOS and a few other Enterprise Linux clones do is take Red Hat's source code, which is licensed under the GPL, remove all the trademarked logos and, at least in theory, the corporate identity, and deliver an unbranded version at no cost.  

I've used CentOS extensively over the past four years or so as an alternative to the commercial Enterprise Linux offering when individuals, companies or organizations wanted the stability, reliability, and reputation of the upstream Enterprise Linux but didn't want to or simply couldn't afford the software subscription cost. Many companies will choose to have licensed and fully supported Red Hat Enterprise Linux production servers but will use the no cost alternatives on development boxes which simply aren't mission critical.

On July 30 some of the core CentOS developers wrote an open letter to project founder Lance Davis expressing their frustration at a lack of communication and threatening to leave the project en masse. This, in turn, was picked up by the technical press. The most over the top coverage came from The Register who reported that CentOS was "poised to die". When Mr. Davis attended the next developers meeting and, in the process, resolved some of the issues, The Register's sensational headline read: "CentOS back from brink of death." There's nothing like gross exaggeration to bring in that readership, is there?

This whole situation with Lance Davis was hyped way out of proportion. The whole time the dispute between the CentOS developers was in the news, development moved forward and patches were released. CentOS was never a one man show. It was perhaps in danger of forking or a name change but it never really was anywhere near the point of death. Even if the project were to die, businesses running CentOS could have moved forward without major disruption by pointing their servers to the repositories of another Enterprise Linux clone for updates and then gradually migrating to the other distribution.

The problem which led to the hyperbole and exaggeration of the issue was the decision to put an internal squabble on the front page of the CentOS website. It is truly rare that any good ever comes from airing your dirty laundry in public. Of course, if that is what caused Mr. Davis to show up to the last developers' meeting maybe this was an exception.

My remaining concern about CentOS is that they have been slow with some security patches lately and that has nothing to do with the developers' issues which made the press. Red Hat delivered Firefox 3.0.12, a security patch which closed five vulnerabilities classified as "critical", the same day Mozilla did. Scientific Linux (another RHEL clone) had it available within 24 hours. It took CentOS more than a week. That isn't good for something with known, significant vulnerabilities. Before someone points out that a browser isn't critical or perhaps even appropriate for most servers I'll remind my readers that the upstream "prominent North American Enterprise Linux vendor" sells its product for both servers and corporate workstations/desktops. It is fair to assume that CentOS is used the same way. This also was not an isolated case of one late patch. Some patches have been very quick to arrive and others have not been. CentOS has been erratic with its patching for quite some time.

The recent furor around CentOS has crystallized my thoughts and helped me reach a conclusion about what criteria should be used in selecting a Linux distribution. In this case I am focusing on business, government and non-profit organizational use but honestly these same criteria may be best applied to personal systems as well.

By shining a light on the CentOS development team I was reminded of something I knew all along but never focused on: CentOS is essentially a small, volunteer project. Much like the many hobbyist desktop Linux distributions CentOS is dependent on a relatively few people. If one key developer leaves the project will suffer. If several leave it would be greatly hurt and might not survive. That is the nature of small projects, not something unique to CentOS. It also, in my newly formed opinion, actually makes CentOS a poor choice for business. Does anyone else remember White Box Linux? It was another very good Enterprise Linux clone that simply stopped being updated a couple of years ago.

One of the big selling points of Linux in enterprise space is the stability and reliability of the operating system. That applies to the organization supporting the code as much as the code itself. One of the reasons Red Hat has been so successful as a company is a long reputation of excellence and stability as a company as well as in technical areas. The main competitors to Red Hat are SUSE, which is owned by Novell, a company with a long and largely successful history in enterprise computing, and Ubuntu LTS, which is owned by Canonical, a company known to have strong financial backing.

A Linux distribution doesn't have to be corporate to be able to provide a strong sense of stability. It can be backed by a government, a foundation with outside support, or educational or research institutions. The key isn't the structure of the supporting organization. Rather it is knowing that such an organization can provide the foundation and the continuity to ensure that the distribution has adequate financial resources and doesn't depend on the health of one individual or the cohesiveness of a small group.

The net result is that I am no longer recommending CentOS nor will I be deploying any new systems with CentOS. I'm going to recommend Scientific Linux over CentOS for folks who need a free Enterprise Linux clone. While I really wasn't worried about CentOS disappearing I think the fact that Scientific Linux is backed by Fermilab (part of the U.S. Department of Energy), CERN and other leading research laboratories and universities around the world guarantees the health and longevity of the distribution. Scientific Linux has also been more consistent in delivering security patches on a timely basis, something critical to enterprise Linux users.

Even if we, the business user community, could be assured that CentOS will deliver security patches promptly from here on out I still think Scientific Linux is a stronger choice. I'm not saying that Scientific Linux has better code or provides a better computing experience than CentOS or any other Enterprise Linux clone. I am saying that it has a strong organizational foundation that CentOS lacks.


62 Comments

Most of your comments are accurate, but I think you get it wrong with the CentOS effort. The actual people who have keysign access is small, however the community is very large. And what we do in-house is easily replicated ( as you can tell from the number of appliance and app vendors using CentOS as a base ) - should anything happen to any of the developers, it's not hard replacing them on the technical side of things. Given the mass traction there is and the level of expertise around the *EL* codebase, it's not hard to get a more 'solid' frame of reference.

The issues that were brought up with the open letter were blown well out of proportion by the media, as you said. And they were all admin related, none of them technical in nature. The person in question has had almost nil contribution into the distro, the packaging or the infrastructure that runs CentOS for years. And these issues are not hard to fix, we are working on options right now and hope to have a plan in place within the next few weeks. Hopefully we can put a few options out there and see how that works for the users, and go with the best solution.

Your point about the security updates is well founded, we try a lot harder to make sure we get things right and we have a much more involved process to establish when the 'right' is. An easy way to work through this would be if Red Hat were to share more info with us. Not sure if that is likely to happen and what the timeframe for that would be, but over the course of the next few months we hope to have a more transparent process in place that lets users track exactly what is going on, where and how.

I'll try and get a blog post together over this weekend that explains more about these things, but the important thing is that CentOS is today the number one choice for the 'stable computing for people who can self support' markets. That's unlikely to change, irrespective of what's being put out by the mass media. We are very much a user community based setup, and intend to say that.

I am just glad, as an opinion leader you make the right comments about the media hype!

btw, your comments about Scientific Linux are quite wrong.

( they have a smaller, more fragile development team and a much much smaller community and infrastructure setup than CentOS - also, their aims and goals are different ! )

I think there is potential to work together with them, however if you think you can replace the CentOS base with their distro, you haven't really looked into things ( imho ).

CentOS has a much larger development team than Scientific Linux (CentOS has 8 main developers, 6 infrastructure team members and dozens of people in Special Interest Groups ... Scientific Linux 2 to 3 developers). CentOS has main developers in the United States and 4 EU countries.

CentOS has 40 internal machines worldwide for distribution to the public mirror infrastructure (residing in 7 different countries).

CentOS has 277 public mirrors world wide in 56 countries (and all the associated bandwidth) to allow people to download ISOs and do updates when published.

CentOS has an estimated 4 million unique IP addresses that download updates from those 317 machines when we release updates or new ISOs. Scientific Linux might be able to handle that with their current infrastructure, I am not sure.

The Open Letter has been blown out of proportion. The end result is, now the CentOS Project (and not any individual) owns all the domains in question to distribute CentOS and controls the "name and artwork" that make up CentOS. It was a step that needed to be taken to ensure CentOS can remain as it has been, a community project that can not be held hostage by one person. The "WORK" was never an issue in all of this.

But, what happened here was that a Community based distribution needed community help to solve a problem after all other means to get it solved failed to produce results, nothing more. This is the only real method for settling a disagreement if both parties in a community organization think they are correct ... go to the community for resolution.

CentOS has a very good relationship with the Scientific Linux developers and I am not saying anything negative about them at all ... in fact it is a fine distribution. They are not, however, larger in any way than CentOS. That is not a good thing or a bad thing, it is just a fact.

If you personally feel more comfortable recommending Scientific Linux, I guess that is fine.

(Also, Fermilab has nothing to do with Novell ... not sure what that link is for :D )

You are mostly right, however I will still stick with CentOS. Even after the big media roller coaster, it still is the biggest open source and free Linux distro that is best suited for servers. The issue I see with SUSE and Ubuntu LTS is that when an open source project is backed by corporations the free product often suffers. Some studies also suggest that CentOS still performs better than Ubuntu in high performance servers. All in all I do agree that we - the business community - value stability and will always keep an eye on it. But in this case I have yet to lose faith with the CentOS team.

If the question is "Who supports my RHEL clone", I think the right answer is "Oracle". Unbreakable Linux is there.

Caitlyn Martin,

I too recommend that you look at the varying goals between CentOS and Scientific Linux. They are quite different. CentOS aims to be 100% binary compatible with its upstream provider and Scientific Linux (although it has been a while since I read about it so maybe I'm mistaken) is all about using the upstream provider as a base to build something else on top of... with quite a few changes and additional packages... for scientific research environments.

The answer to your "updates are erratic" issue is... if you want faster updates, you should consider upstream... as they are the source of the updates in the first place.

I have to wonder how much guessing you did when you compared the development team sizes and backing of CentOS vs. SL. In previous comments, top level CentOS developers gave you some stats about the CentOS project... and a little bit of information about SL... but I recommend you do a follow up article after having gathered some more info about SL... and then see if your recommendation changes any. Just the differences in goals is enough for me because my use cases are more in line with CentOS than with SL, but if I had different use cases, that might change. In several places I choose upstream.

I have another issue for you to further investigate. You mentioned Novell/SLES and Ubuntu LTS/Server. How many free clones of those exist? I'm guessing there may be some clones of Ubuntu but I'm not sure if anyone has picked up the LTS and/or Server products and promised to support them as long as Canonical does... and to the best of my knowledge, there aren't any real, free clones of either. Why that is I'm not exactly sure... so there is another potential article topic for you. :)

Lastly I'm not sure that Ubuntu has secure funding. Mr. Shuttleworth has mentioned in a few interviews that he would like to see Canonical become profitable and independent within 3 - 5 years. At least that is what I remember reading somewhere (sorry I have no link for that). Can Canonical become profitable and self-sustaining in 3 - 5 years? What happens if they can't?

@Lucas: There are press reports that Oracle is planning on doing away with Unbreakable Linux. In any case it is no more free of cost than Red Hat Enterprise Linux. Why go with a clone at all? For businesses and organizations who can afford the license fee Red Hat is by far the superior choice due to their first class support.

Regarding the other comments: what I am saying which some seem to miss is that a community based distribution is not suitable for the enterprise, period. That includes CentOS. A distro needs large organizational or corporate backing to ensure its future. Selling CentOS in business is really only possible when you piggyback off the Red Hat name. Scientific Linux can, in part, be sold on its own merits because of who backs it. Yes, the development team is small but the organization can afford to hire new or additional developers if needed. CentOS remains a volunteer effort. I consider that more fragile.

The situation with Mr. Davis was blown out of proportion to the extreme. It was hyped for page hits and readership. I made that clear. It isn't the reason I recommend against CentOS now. Rather it was the catalyst for me to rethink my recommendation. The issues I raise regarding patching and organizational structure existed long before some in the press reported on the letter.

I realize there are some who philosophically believe in a community model. It's a nice utopian ideal. I guess I have become disillusioned with it. I've seen it fail in numerous ways and it just doesn't provide the type of professional environment or support corporate clients demand. There are projects which probably have larger communities than CentOS which I won't recommend either.

I wish the CentOS community and their developers well. I hope the remaining issues get straightened out. Maybe some sort of structure can be put in place to reassure corporate IT managers and small business owners about the future. At that point maybe my opinion will change. In the open letter it was the developers themselves who raised the issue of killing the project. That, in and of itself, while perhaps unlikely, raised too many doubts.

@Johnny Hughes: I've corrected the link for Fermilab. Thanks for catching that and bringing it to my attention.

@Scott Dowdle: You are correct that SL adds packages for scientific use. They do NOT change the Red Hat kernel or any of the core library code. SL is 100% binary compatible with RHEL. In addition all of the repositories which work with CentOS also work with SL.

In the case of Ubuntu LTS there is no need for a clone. The server and desktop code is all available without subscription fees. With Ubuntu you either purchase the support or you don't. Regarding funding and Mark Shuttleworth's goals, you forgot to mention the recent interview where he indicated that Canonical/Ubuntu are very near to reaching the goals he set for revenue. I don't think there is any more danger of Ubuntu disappearing than there is of the other two disappearing. In any case I still believe that Red Hat Enterprise Linux is in a class by itself and it is what I truly recommend. I simply mentioned who the main competitors are and why as part of my argument for corporate, government, or institutional backing behind any Linux distribution used in business.

I am not aware of any SLES clones. Maybe someone can enlighten me in this area.

Your answer to patching, simply saying "go upstream", is always the preferable choice. Many small businesses, struggling businesses and non-profits simply can't afford it. In that case a clone is a reasonable alternative. The patching issue is a legitimate one and security updates must be out promptly for ANY Linux distro to be taken seriously.

Very good comments all around so far. Thanks to everyone who is participating in the discussion.

I'm using RedHat at work and CentOS at home.
Neither work nor home have any support from the vendor beyond updates.

My last job was using Whitebox Linux and moved to CentOS as a better organized and supported platform.

If there's a RHEL update I find critical to the security of my boxes at home I can legally download the source RPM and type rpmbuild -ba SPECNAME.

I'm reassured by the CentOS actions and I'll keep Scientific Linux in mind when I'm considering upgrades or new OS's.

I've run CentOS, Whitebox, FreeBSD, Solaris, SunOS and OpenVMS and all of them have their delays at times in resolving and releasing security fixes.

Verification sometimes takes time. As long as I'm aware of the issue I can take steps to minimize the risk via firewalling, restricting access or rebuilding the code myself.

What do you want from a volunteer project.

If you need a commercial product, buy it. Pay for the support from RedHat, Canonical or others.
I went to Whitebox when RedHat cancelled their non-enterprise distribution and walked away from me paying for the up2date services.

I'd still be paying them today if they didn't decide it was the wrong business model for their operation.

I've been doing RedHat and Caldera since they began and Unix before that. This post is much ado about nothing.

If you deploy a non-commercially supported system in a business setting it's basically your job to take the role of support engineer. Most places won't consider it, but some small ones that want to have a custom release can't afford to do all the engineering in house. Security fixes are then a local responsibility.

At my old job we rerolled OpenSSH and OpenSSL to new versions when we didn't see quick enough movement on fixes from a vendor or the old release was out of support. That's what Open Source is about. My biggest gripe is Unix versions where the vendor's gone and the source was restricted by USL license.
We needed code escrow on stuff where the vendor's run for the hills.

Try to find SCO source code and patches in a year or two when they've gone chapter 7.

I've been running CentOS as a file/intranet server since 5.0 was released. I started becoming concerned during the protracted period that it took to get 5.3 out. Not about the "lateness" in getting 5.3 out, but the complete lack of security updates in the interim for my 5.2 system. This "No updates available" went on for over a month. My version of Firefox trailed behind Red Hat's by two versions.

We can go back and forth about how many developers CentOS has vs. Scientific Linux. To me, that is academic if the Scientific Linux developers get their distro out several weeks in advance of CentOS, and more importantly, provide more timely security patches. If I'm not mistaken, Scientific Linux also supports older "dot" releases, such as 5.1, 5.2, etc., while CentOS does not. Not an issue for me, but it does indicate a little more thoroughness on the part of the Scientific Linux developers, few in number as they may be.

First, I should note that switching a machine between "SL" or "RHEL" or "CentOS" is very easy. Change the repository it is pointed at, pull in a few packages, and presto, your machine is now "RHEL" instead of "CentOS" or vice versa. These distros are as close to identical as they can be.

Second, we switched from SL to CentOS a long time ago, for many of the reasons listed in this article (slower updates, smaller user group, etc). However, it wouldn't surprise me if this changes every few years as the groups evolve. I get the impression you haven't deployed SL in the past.

Third, we're on RH because we run some proprietary software that is only supported on RH-type distros. So SUSE or Ubuntu are not an option. This is likely the case for many "enterprise" or "business users".

CentOS is certainly the EL clone which tracks upstream the most closely. Scientific Linux exhibits more significant deviations from upstream which is understandable because it targets a very specific circle of scientific users namely those in the CERN/FL research environments for whom it has been created in the first place.
I have found CentOS to be a perfect match when maximum compatibility without the price tag of EL is desired. The artwork is more neutral than that of SL and better suited for a corporate environment.
There have been some delays lately, namely regarding the availability of the CentOS 5.3 live CD. However, this is a community effort, and everybody can help out either by contributing work or donations. If only 1 USD for every CentOS installation were donated, bottlenecks could certainly be avoided more efficiently.

Yeah, CENTOS is a distribution for netbooks nowadays.
Not reliable enough to use in business.

@Joachim Namislow: Perhaps you missed the part of the story about Lance Davis where the developers wanted to know where the contributions to CentOS went. That is still an unresolved issue. Until that is settled I wouldn't recommend that anyone donate to CentOS.

Scientific Linux adds packages for scientific use. They don't change the Red Hat kernel or core libraries. It remains 100% RHEL compatible. As such the "deviations" you refer to are non-issues.

I also don't think that any amount of money can solve the problems without some sort of order being imposed. As I commented above I don't believe a distro based on a community model is appropriate for the enterprise at all.

@Peter Griffin: That was a perfect illustration of the issues involved. Thank you! I've quoted you on my blog and I appreciate your comment.

@Alex Chekholko: Excellent points all the way around.

Caitlyn Martin,

I still disagree with your conclusion... "volunteer projects sometimes fall apart so you shouldn't depend on them for business related stuff" ... and that "as long as someone is getting a pay check it is better for business." Sorry, that's how I summarize your article. Perhaps you'll disagree with my summary.

Anyway, I could extend your idea and say... that any software that isn't financially supported and is solely a volunteer effort shouldn't be used in business. For a few years of its life Linux was like that and eventually companies formed and started paying people to work on both the Linux kernel and many userland apps.

How many apps do you use on a daily basis that are totally done by volunteers in a community project? Doesn't the vast majority of FLOSS software fall into that category? Should business not use any of it?

The more correct answer is that with FLOSS, even if the project behind a piece of software does die, the source code is out there and anyone can pick up the ball and run with it.

How many commercial software companies have come and gone over the years? I think the failure rate of software companies is probably worse than that of restaurants and/or second/third generation family businesses... as far more fail than succeed. So depending on commercially backed software is more risky than FLOSS. Even government backed agencies who fund things can have a sudden funding decision change so they are just as vulnerable as anyone else.

There are no guarantees. You seem to want RHEL but don't want to pay for it... and if a community project fits the bill but isn't perfect... they aren't good enough... but if one or two people somewhere else are getting paid, that somehow makes it better... although in another column you state that you've never really used Scientific Linux for any length of time and couldn't recommend it until you had used it... but that has somehow changed... now that you've realized the meaning of the word "community".

Regarding the erratic nature of CentOS updates... that has been pretty constant for a few years now. Some updates take a day and some take longer. That hasn't changed... but all of a sudden it is unacceptable to you. So who has changed? CentOS or you?

While you are certainly free to have your own opinion and decide not to recommend CentOS... there are literally millions of CentOS users who will continue to disagree with you. :) And of course there are millions of others who use different distros.

I'll bet you a slice of pie that CentOS will still be here five years from now... even though their updates still may lag behind sometimes.

@Scott Dowdle: I made clear that I had changed my views, not that CentOS had changed. That includes my views on community projects as a whole. It isn't the paycheck that makes a corporate, government or institutionally backed project stronger but rather the structure and continuity such organizations provide that community projects can't provide. Yes, there are weak commercial entities. You don't see me recommending Mandriva on the server, do you?

Most of the major FLOSS projects have corporate, governmental or institutional backing nowadays. The majority that businesses use are no longer truly community projects. However, to answer your question, yes, I am most certainly saying that a project that is strictly community or volunteer based is not suitable for mission critical business use. You have to be prepared to lose that project. Again, in business, there aren't many major projects (or perhaps any) in common use.

Actually, I do pay for Red Hat. I just don't pay for it on every system. I recommend Red Hat Enterprise Linux as the best solution for enterprise/business servers. That has never changed. It isn't that I don't want to pay for it. It's that some business or organizations whom I want to be able to support won't pay for it.

Oh, and yes, the recent events made me take a new, closer look at Scientific Linux to an extent which I had not done before. That is certainly fair comment. I did, however, accept input from those who have run it for an extended time regarding what I could expect in terms of security and patches.

So... your summary isn't exactly accurate. On the rest, we'll have to agree to disagree.

I've personally had a lot of success with CentOS over the past couple of years, and I'm grateful for the service that the project does for those of us who either are doing this on a hobbyist basis or have shops where the admins feel they can do as well without the RH support.

That's my situation. In my personal exploration of Linux, I've learned a lot by installing CentOS versions 2 through 5, and I happen to have one laptop that responds very, very well to CentOS/RHEL 5. You might say it's my "safety distro" on that one machine for those times when Ubuntu gives me trouble.

I was surprised that in my shop we moved a very critical (to me anyway) production Web server from RHEL to CentOS over the past year. I know the admin can handle it, and given the reality of the economy over the past few years, I don't blame my company for either pushing for or allowing that change.

There is also that other OS distribution that releases updates every 4 weeks on a Tuesday! They have good financial backing as well. A lot of enterprises use it. Some of the apps that run on it are not updated frequently or at all unless the newest version is purchased. Those apps are created by companies that may have good financial backing as well.

I have been running CentOS for a few years and have had no problems with it. I tend to run it for servers. On the desktop I like Ubuntu Linux because of the more bleeding edge things that are easily available for it. When I read the hype about the problem the CentOS team was having the open letter made it apparent to me that it was mainly over the centos.org domain name expiring this year and the person who owned the domain not being able to be contacted. That would pose a big problem for any distribution whether it was well backed or not. I imagine that there is a testing phase for the updates the CentOS team provides. I imagine that sometimes the process of getting updates out goes smoother than others which affects how fast updates are released, like any other distribution. Being that CentOS is a community-run distribution by volunteers, a person could always contribute their time to help make CentOS better.
From my personal experience volunteering my time, I tend to volunteer for things I like and enjoy doing. I would assume the volunteers that make up the CentOS community like doing what they do as well. That to me is better assurance for a distribution not going away any time soon than being financially backed. It takes the profit margin out of deciding how many developers to pay and how long to officially support a distribution or version.

Ubuntu is also based from Debian which is another distribution whose community is made up of volunteers.
Each Ubuntu release is based upon a snapshot of Debian's development archive. What would happen to financially backed Ubuntu if Debian went away? What would happen to Debian if Ubuntu went away? It's apparent that Linux distributions wouldn't be possible without a well diverse community. I am glad that such a diverse community exists for which Linux distributions rely on.

"doesn't depend on the health of one individual or the cohesiveness of a small group."

Do you mean like a CEO and Board of Directors? Or President and Executive Management? Or Principal Software Engineer and Software Engineering group? People come and go in businesses all of the time. My most previous employer laid me off despite that they knew that several projects were going to be delayed and at least one would probably die upon my departure.

Companies fail daily. Being in business and having a payroll of software developers is no guarantee of either quality or indefinite continuity. But, with much of what is considered to be collectively "Linux" being Open Source and under the GPL, they don't need to be.

@Ed: Debian has a foundation, meaning they have created a structure and organization for themselves to provide the stability I write about and to handle funding issues. I imagine if somehow Debian were to fail Ubuntu could easily afford to take it over. Not a valid comparison.

The comparison to Microsoft is laughable. I never said that corporate backing and money equals quality. What I did say is that they usually are necessary ingredients to stability and long term survival. I still believe the FOSS model provides for better results for all the usual reasons stated. I also believe adding institutional backing is what has made Linux a success in business. Red Hat and Novell are the strongest cases in point.

The "I've never had a problem with CentOS" line is seriously silly. I can find you any number of people, probably millions of them, who will say the same of Windows. Not having timely security updates is inexcusable and indefensible. One of the arguments for Linux over Windows is that we don't do security by obscurity. We do real security.

I have no problem with the diversity of Linux distributions and the diversity of models which support them. I have no problem with voluntarism or even hobbyist distros for that matter. I just don't think those sorts of distros belong in mission critical applications in business.

@mark: Companies don't fail because a CEO leaves. If a company is small enough or weak enough to fail because one developer leaves it isn't something I'd recommend either. Note my comment about Mandriva above. I also made very clear in the article that what I was talking about wasn't necessarily a corporation. A government, educational or research institution, or a private foundation can do equally well. You are making an argument based on cherry picking my article and ignoring the points that don't fit your mode of attack. Sorry, no sale.

Do you really want to tell me that a small group of developers are as stable as Red Hat or Novell or the institutions behind Scientific Linux or even the foundation behind Debian? Seriously?

Some of you clearly have never tried to sell Linux in a corporate/enterprise world. Try and sell the community support model to IT Directors and tell me how far you get. Try to explain why being really slow delivering security patches isn't a bad thing since it's only a community of volunteers supporting a distro and business just has to understand that. How much success do you think you will have?

I disagree completely with all of this.

The idea that businesses should only run Linux distros supported by a company (still less the notion of a "foundation") means that, really, only Red Hat and Novell qualify. Canonical is not a serious company in the same sense. Neither is Debian. Very few other Linux-related companies or organizations are and almost no FOSS software projects qualify.

This is just a ridiculous notion. And I really don't care how hard it is to convince corporate IT types that they would be better off with some "less qualified" OSS projects. Corporate IT types don't "get" OSS in most cases anyway.

Mind you, there SHOULD be some concern about how well an OSS project is being pursued, who is behind it, how development is progressing, etc. And OSS projects should be forthright in communicating this information to potential users.

But the idea that no corporation should consider OSS unless it is supported by a corporation - or worse, some nebulous notion of a "foundation" - is just nonsense. Appropriate risk/benefit analysis can handle this sort of thing IF it's done - which in most cases - especially in the case of Microsoft - it's not.

Sun was a huge company. It just got sold to Novell - and now Solaris is an open question. Should everyone who used Solaris now be branded as incompetent because they trusted a large company like Sun to be around forever?

Change is endemic in the IT business. Nobody except IBM is forever - and I still have doubts about IBM. Of the five main computer companies around in the '70's, how many are left? You makes your pick and you takes your chances.

Centos is perfectly fine for business use, as long as a company is aware of potential risks and takes measures to be able to switch from Centos to SL or RH if necessary.

@Richard Steven Hack: You may want to get your facts straight. Sun was purchased by Oracle, not Novell. That also doesn't mean the end of Sun products, does it?

How is Canonical not a serious company? How do distributions like Scientific Linux, which is supported by an international group of research institutions and universities which, in turn, are funded by major western governments, not qualify in your mind as having sufficient backing when Red Hat and Novell do? How does Pardus, which is backed by the Turkish government, not qualify? Only two distros meet my criteria? Try dozens.

How is CentOS OK for business if they have a history of not getting security patches out on a reasonably timely basis? Even one of their developers agreed that needs to change in comments above.

Disagree all you like. Claim that businesses "don't get" FOSS all you like. The fact is that those of us who make a living selling and implementing FOSS have to do so in terms business understand.

I have to agree the current state of play with respect to delayed security updates is totally unacceptable. The CentOS Project publish their aim to provide updates within 24-72h and they are consistently failing to meet this aim.

The extensive lag that accompanies a minor update is also of great concern. 10-12 weeks, with no security updates, now seems the norm. To defend such a position with comments such as when it's ready or go buy a RHEL license if you want it sooner is inexcusable, at least in any enterprise environment I'm familiar with. How is one supposed to plan around such uncertainties? Simply, you can't. So if you can't use CentOS in the enterprise it becomes little more than a hobbyist distro or for those wanting to learn RHEL.

CentOS really only has one function, and that is to produce a binary compatible clone of the upstream product, with security updates. They need to concentrate on that core function and start delivering on it in a timely fashion, with consistency. Otherwise Caitlyn might not be the only user who starts to look elsewhere for an enterprise OS.

"To defend such a position with comments such as when it's ready or go buy a RHEL license if you want it sooner is inexcusable, at least in any enterprise environment I'm familiar with. How is one supposed to plan around such uncertainties? "

By paying the company which does all the work in the first place? Go buy a Red Hat subscription and compensate Red Hat and get a guarantee of timely updates in return.

If you rely on volunteers to do the work then a release can get delayed because someone went on a honeymoon. Yes, it happened with CentOS and you have nothing to complain about but your own failure to take things into consideration. You thought you would get all the benefit of a real commercially supported operating system but without engaging yourself in a commercial transaction. Who else but you is to blame for that?

I think most of this misses the point. One poster earlier on called CentOS "still the first choice for self-support organizations" or something to that effect, and that is precisely the point. When one uses something like CentOS rather than RHEL, one has made a decision of cost versus corporate support, and one lives with the implications. One implication might be that one fetches a critical update from RH in a source RPM and does a rebuild oneself. Depending on the overall situation an organization is in, this might be a valid choice or it might not. One size does not fit all and your mileage may vary, etc.

So if Ms. Martin does not feel comfortable recommending CentOS, that's fine; if others, based on an assessment of the client's need and environment do feel comfortable recommending it, that's just as fine.

Whether Scientific Linux is more stable because it is based at Fermilab is a questionable premise, imho, because we have no idea how solid management support is for the project; while Fermilab could probably hire extra developers if necessary, we have no idea whether they will, either under current management, and certainly not under unknown future management. Supporting Scientific Linux is certainly not part of its official mission, and if it is questionable to rely on a community then it's equally questionable to rely on Fermilab.

In my humble opinion CentOS has a large base market in the web hosting industry, so it's not going to fade so easily.

I do not agree that commercial backing is a requirement for good team organization or a "pay for" model is required for good support. Commercial software and support is notorious for failing, but this does not in and of itself refute your conclusion. What is required are counter examples. Debian has been mentioned. Many projects, e.g. Apache, had good records _before_ there was corporate involvement. OpenBSD is another (very) non-commercial project with an excellent record, a project relied on by many enterprises for mission critical tasks.

You may wish to re-think your conclusion. What counts is track record, period.

You're missing the point. CENTOS uses RHEL as a base. If CENTOS disappears I can easily switch to another distro using RHEL as a base or to RHEL. If I'm concerned or too busy, I can switch to RHEL and pay. I don't really care about CENTOS per se, I care about RHEL but am willing to take the convenience and cost save of using CENTOS. That sounds like I'm dissing CENTOS: I love it, great project, pity things had to turn unprofessional for a moment but they seemed to have tried everything else, one day I'll have some money or contributions to give them.

@neo

"To defend such a position with comments such as when it's ready or go buy a RHEL license if you want it sooner is inexcusable, at least in any enterprise environment I'm familiar with. How is one supposed to plan around such uncertainties? "

By paying the company which does all the work in the first place? Go buy a Red Hat subscription and compensate Red Hat and get a guarantee of timely updates in return.

If you rely on volunteers to do the work then a release can get delayed because someone went on a honeymoon. Yes, it happened with CentOS and you have nothing to complain about but your own failure to take things into consideration. You thought you would get all the benefit of a real commercially supported operating system but without engaging yourself in a commercial transaction. Who else but you is to blame for that?


neo - you completely miss the point. Sure I can purchase a RHEL license where needed, and often do. I am also more than capable of rebuilding RHEL updates for myself when they are delayed from CentOS. But the whole point about CentOS is that I, and thousands of others like me, don't have to rebuild our own updates - the project exists within the community so many individuals don't all duplicate each other's work.

If my choices as a CentOS user for obtaining timely security updates are:

1. buy a RHEL license, or
2. rebuild them myself

then there is no point CentOS existing as it has no value. The whole point of CentOS is that it exists to add an alternative to the above two options. When it doesn't deliver that alternative there's not much point it being there.

CentOS just acknowledged and solved its largest structural problem this week. One would project their forward slope to be positive, not negative. If anything, it's an illustration of how doing things in the open provides the best outcomes. The best is yet to come, I'm sure - this all smells of kicking someone when he's down. If you'll read planet centos, you'll find talk of a foundation, better build tools, more visibility, etc.

Does anyone else remember White Box Linux? It was another very good Enterprise Linux clone that simply stopped being updated a couple of years ago.

This is a really interesting point, given the theme of the article. To engage in reckless personification, Whitebox Linux got destroyed by Hurricane Katrina. The developers were running shelters, keeping their families safe, etc. Scientific Linux happens to be developed upstairs from the world's most powerful nuclear accelerator. Don't cross the streams, boys (I kid because I love). CentOS is widely distributed.

Anyway, only RHEL has zero-day updates available with regards to their downstreams, so if that's the primary criteria, a RHEL license is the only way to go. Still, I haven't heard of any compromises due to CentOS update delays relative to RHEL, so as always, life is a cost-benefit analysis.

@Wolf Paul: CentOS promotes itself as an Enterprise OS. If they cannot provide security patches on a timely basis then they don't belong in the enterprise and the name is misleading.

Scientific Linux is not a Fermilab project. It is a project of many laboratories and universities around the world with the backing of multiple governments. Why focus on Fermilab and not on CERN? What makes Scientific Linux a much more acceptable choice is the fact that they do meet enterprise standards, including getting patches out promptly. I also think it's laughable to make the assertion that a product with the support of and which is used by the two largest nuclear laboratories in the world is somehow no more reliable than one made by a small group of volunteers.

@Karl O. Pinc: You bring Debian as an example of why organizational backing is unnecessary and yet I included that as acceptable because of the foundation behind it and its ability to raise funds. You bring Apache as an example and they have corporate funding. You make my argument for me and then say I need to rethink my conclusion? You are arguing that a handful of volunteers is better than stable corporate or organizational backing. On what planet is that? Not the one I live on.

Once again, try and sell community support and a volunteer project to IT Managers and business owners and see how far you get. The whole premise of this article is *enterprise and business* use. Perhaps you need to do some rethinking.

@Bill McGonigle: I didn't know why White Box Linux disappeared. In reality that is a pretty irrelevant point. The fact is that a small group of volunteers can be "destroyed", to use your words, by a natural disaster like Hurricane Katrina. A large, stable company, a government, or a series of laboratories and universities cannot be. You are illustrating my point beautifully.

CentOS may be widely distributed but, again, that is irrelevant. The costs of not having timely security patches or having to go upstream to me clearly outweigh any benefits of running CentOS rather than Scientific Linux or anything else that can provide a secure OS.

I still feel like a lot of you are defending what is clearly indefensible. It reads like circling the wagons around CentOS. It may be your favorite pet project but that doesn't make it really acceptable for business or enterprise use.

where do you people get the energy to keep bickering? use whatever you want. jeez

While I agree that Debian could in theory be more or less adequate for corporate support (i.e. they could if they did things right), I cannot honestly recommend it as a server for mission critical work in a commercial environment (i.e. _not_ in academics but companies who have to sweat their money through). Why? Because of what happened a few years ago when Debian went from some X to X+1 version: they announced just two weeks in advance that they would discontinue support for the old version, security updates included. The argumentation was: "our update system is so good there will be no problem. Real. Promised". Ah? What about in-house applications? What about some commercial application no Debian packager has ever put its hands on? What if this falls just during the month your company makes 90% of the sales in the year? What will management say if you propose such a change at such a critical moment? Is it acceptable to have so little time for moving up and testing when your job and perhaps company survival is at stake? For me the answer was no. From distant memories Debian people folded partially but for me the damage was done: when you are aiming to be a distribution for servers in "serious" institutions you don't even think of giving your users just two weeks to upgrade. Period. I will take another look at Debian in ten or twenty years.

Having a lot of people available is necessary but not enough in order to be an enterprise class distribution. You also need people who aren't arrogant and understand and care for their users.

Any comparison on CentOS, Ubuntu and OpenSuse?

@JFM

Debian supports old stable versions 1 year since the release of a new stable version. They also announced, last month, they are changing their release cycle into a time-based one, of 2 years.

http://lists.debian.org/debian-announce/2009/msg00009.html

To sum up, stable releases have 3 years of support updates. The upgrading system is in fact very well tested and works very nicely for production servers (this is a point in which Ubuntu isn't very accurate). In my personal experience, I happen to manage 2 Linux HP servers which I've been upgrading since Debian 3.1 (3.1 -> 4.0 -> 5.0).

Greetings!

Interesting. Of course, having corporate entities behind something is no guarantee of stability. Much of the recent MySQL instability is directly attributable to corporate instability, while PostgreSQL has no corporate ownership and has no great project stability problems.

I think it's more a case that keeping something like a RedHat clone alive and up to date is distinctly unsexy - it's very prosaic in fact, and I suspect it's quite difficult to keep a large band of volunteers enthused for such a task. That's why having entities like CERN and Fermilab behind Scientific Linux is important.

By Caitlyn Martin on August 6, 2009 2:21 PM

"@Richard Steven Hack: You may want to get your facts straight. Sun was purchased by Oracle, not Novell."

That was obviously a typo.

"That also doesn't mean the end of Sun products, does it?"

We'll see. And I wasn't talking about everything Sun does, I said openSolaris. It's not clear Oracle will support that as well as it does its own Linux.

"How is Canonical not a serious company?"

Their QA testing sucks. They did a release a while back that wouldn't let you leave the mount point modification screen. That means the entire install process was never tested. What does that tell you about that QA?

"How do distributions like Scientific Linux, which is supported by an international group of research institutions and universities which, in turn, are funded by major western governments, not qualify in your mind as having sufficient backing when Red Hat and Novell do?"

How many people actually work on Scientific Linux? How much money is actually spent on developing and maintaining it compared to Red Hat and Novell?

"How does Pardus, which is backed by the Turkish government, not qualify? Only two distros meet my criteria? Try dozens."

Oh, yeah, I can see General Motors relying on a Linux backed by the Turkish government! Please...

"How is CentOS OK for business if they have a history of not getting security patches out on a reasonably timely basis? Even one of their developers agreed that needs to change in comments above."

And it may well change next week. If so, will that change your mind? Bet not.

"Disagree all you like. Claim that businesses "don't get" FOSS all you like. The fact is that those of us who make a living selling and implementing FOSS have to do so in terms business understand."

The reality is that for many businesses you will knock your head against a brick wall trying to get them to understand what "freedom" and "flexibility" means. Which is more important than whether a security update gets there this week or next week. Especially when most corporations have a security posture which is a sieve in more places than the latest obscure OS patch.

The reality is CentOS is no worse than any other Linux distro in terms of security and reliability and usability in a corporate environment.

Jesus Christ, Microsoft has unpatched vulnerabilities and only releases patches once a month (with occasional exceptions) and yet because CentOS is a little late with some patches, they aren't suitable for corporate use? When Microsoft is the number one security problem in the entire industry (next to end users themselves?)

Does anybody else see how completely ridiculous this concept Caitlyn is promoting is?

@richardstevehack: You are defending the indefensible again. Nobody in their right mind would use Microsoft as a standard to judge security by.

I also never suggested Scientific Linux is on par with Novell or Red Hat. I said they are a safer choice than CentOS. Big difference. Scientific Linux gets security patches out on time. CentOS does not. CentOS is a small group of volunteers with no funding. Scientific Linux is backed by universities and laboratories around the world which use the product. How hard is it to understand the difference?

I also never suggested Pardus as a replacement for Novell or Red Hat. I only used it as an example of a distribution with government support. A General Motors type company would almost certainly go with Red Hat or Novell. They wouldn't go with a community, volunteer project like CentOS. Oh, and GM does depend on all sorts of suppliers and production in all sorts of countries, so an IT product from Turkey is far less of a stretch than CentOS.

A week is not long enough to judge a change in security patch delivery after a year or more of failure, so in that sense, you are correct. I won't change my mind in a week. However, in a year if CentOS has a solid track record I will consider the security problem solved. If they have gone out and obtained corporate or institutional backing I would even recommend them at that time. These really are objective standards.

"The reality is CentOS is no worse than any other Linux distro in terms of security and reliability and usability in a corporate environment."

If you really believe that after a year in which patches were as much as two months late then I can't convince you of anything. Did Red Hat have problems like that? Novell? Canonical? Scientific Linux? Debian? No, not one of them had problems like that. Heck, even VectorLinux has a better track record than that and I would never recommend Vector as an enterprise OS. How can you possibly make such a claim?

I'd bet more sane, knowledgeable IT professionals find your post ridiculous than my recommendations.

Too many companies are using CentOS, it's a godsend for Redhat because it means people don't need any other distro, they just basically run redhat, with or without support.

CentOS has such a large traction now, that it should never die because enough people around the world have an interest in keeping it going.

The over-hyped squabble over who owned the domain name wasn't even worth mentioning, let alone re-considering CentOS as the premier free Enterprise class distribution.

If anything, CentOS has finally penetrated so many environments that if anything it will get better and stronger just as Redhat has proven to have done despite the recession.

Hi,

I work at an ISP which uses CentOS as its only Linux distribution on all its servers. I have tried other distros and the only thing I would like to add is in regards to your comments about security. A bug fix on Firefox? Well, I don't have Firefox installed on any of my servers, so I really don't care if it took a week or more for a patch to come out. I can't exactly reboot a server every time a new patch or update comes out, as it causes downtime to my clients. In fact I don't update anything. Which brings me to the reason I am using Cent. It's stable. It does what I want. It's simple to use and it works. I'm sorry but I won't even give Scientific Linux a go, the name itself just sounds, well, I hope you understand.. this is computers, not science. I want something that works and that isn't a toy! Something that doesn't need to be updated or patched. With Cent, I get the impression that the dev team wait a week because they want it to work, and they want it to work right. How many times have I heard a security patch being released, then days later a patch is released because they got the security update wrong??

Cent - thanks. My business changed the day I installed you!

@Daniel Morgan: You might have been better served if you read the article and the previous comments before writing a comment of your own. Firefox is not and never was the issue when it came to updates. It was an example. As was written before CentOS has, at times, been two months or more late with patches: patches which apply specifically to servers.

So... you, at an ISP, don't care if your servers are insecure and have known vulnerabilities? You remind me of a hosting company I once used. They didn't secure their mail server and my identity was stolen as a result. Why don't you let us know which ISP you work for? I think my readers would like to know. I think if we knew we'd avoid your company like the plague. No, not because you run CentOS, but because you don't keep your servers secure.

Scientific Linux isn't a toy. You're calling it a toy because of the name? It was developed at two of the largest nuclear research laboratories in the world. It seems to me they need security as much as anyone if not more.

Sigh. The mixture of foolishness and argumentativeness of the outside commentators on this blog is quite disheartening.

Caitlyn was right in highlighting all the shortcomings of CentOS, but definitely wrong on the recommendation that she made in terms of making businesses use something other than CentOS. CentOS has a huge installed base and behaves exactly like a RH clone that is 100% compatible. SL on the other hand has so many things that are different and rightfully so because of the base they serve. CentOS serves the hosting companies and ISPs to some extent reliably. I know this because I work for a hosting company. I have not heard of a wholesale attack of some shortcoming of CentOS that has knocked those companies off. To come out and endorse SL or some other EL based on a couple of over hyped scenarios and bug fixes to some irrelevant applications seems too rushed in my judgment.

tommy

@tommycat95: How is a year of being at times two months late with critical patches an example of "over hyped scenarios"? Can you explain that to me? How is CentOS reliable if they fail to deliver patches? Even the developers acknowledge that was a serious problem.

Have you actually run Scientific Linux? It is 100% RHEL compatible and does what RHEL does just as CentOS does. As far as I can tell they only add extra packages which you are under no obligation to install. What are the "many" things that are different? Can you tell us about them?

Please, let me know which hosting company you work for so I can make sure I never use your services. I think my readers will want to know too. Nobody wants their websites hosted on insecure servers.

@tommycat95

Being "knocked off" is not the only bad thing that can happen as the result of a security failure. It seems to me that a bad guy who has compromised a server is more likely to allow it to continue functioning normally until the right time (or until he sells control of it). So your comment that you have 'not heard' about a problem is an utterly meaningless statement...neither the bad guys nor the owner of a compromised server has any incentive to tell you anything.


I used to install RHEL on my company's servers. I realize I'm probably the exception, but I'm currently migrating towards Solaris and FreeBSD and away from Linux as much as possible. And the way Red Hat's sales folks have treated me has caused me to switch to CentOS where I need it and I haven't looked back. For us, it meets the needs perfectly.

All this paranoia about corporate backing feels silly.

Oracle is derived from CentOS. If CentOS was to die, Oracle would just shift OpenSolaris developers over to Oracle EL to handle the work instead.

@MoChaMan: If you are referring to Unbreakable Linux, it is based on Red Hat Enterprise Linux. CentOS is just a free RHEL clone. Oracle doesn't need CentOS to continue Unbreakable Linux.

Their flagship database product is developed on Linux, not Solaris. Shifting to OpenSolaris would not be trivial for them and is unlikely to happen. In any case Oracle is not dependent on CentOS in any way, shape, or form.

First, I didn't read every last post, it got tiring after a little while of people trying to bash each other.

I don't know...I can't believe this discussion is still running actually...I work for a global company running a mixture of OSs: Windows 2003/2008 for Unified Communications, AD, Exchange, **Favorite MS App Here***; Solaris for backup needs (ZFS rocks in my humble opinion); RHEL and CentOS for Oracle. Bottom line is: You use whatever tools can do the job.

Caitlyn has changed her views, which is disheartening, but she at least had the decency to write out this article pointing out some of the things that CentOS could look at to make themselves better. On top of that, do you all believe CentOS is doomed to fail now that she's declared she'll no longer recommend it to the clients she supports? That's more absurd than some of the arguments being made on this article. Support what you're comfortable supporting, people. Instead of saying "you're wrong", why don't we see what could be fixed.


Now to go off-topic:
@Caitlyn: I understand your article is not just about updates and security patches but since you did devote a paragraph to it...When RHEL releases an update, they also release the SRPM for that patch the same day. I'm hoping anyone who is administering a Linux box can build a SRPM! If you're desperate to get the update in place you don't need to wait even the 24 hours it took Scientific Linux to release a package, just build it from source. When the official patch/security update comes out, uninstall your built package and install the official one if you so choose, if it took CentOS a year to roll out the update it wouldn't matter so you're updated. :)
Also, I'm not sure if it's widely practiced, but updates and patches for any OS should be tested in a dev environment before rolling out. So still, it might be a week (or less of course if it is critical) to implement a patch that was made available because we have to ensure all the services we provide to our clients and users can still work.

In ending, I would like to thank you for the article on CentOS's shortcomings, I hadn't really given them much consideration before...and I hope in the future you'll give CentOS another chance to make you a believer again:)

All business people should use Red Hat/Unbreakable Linux. Make those Linux firms richer. Let them thrive by making good Linux so that all other Linux users will get quality Linux packages from them through their clones. If you care more about timely patches/updates, spend some money to get it. Adore those developers who help the non-business community to use a high quality OS, never try to criticize them or compare them because they are noble men with a great vision, let us help them to accomplish their mission to serve their community. Let the user select the Linux OS for their domain. As a developer I have been using every flavor of Linux, all are good for their intended application. We users never bothered about who manages a particular distribution, all we know is that it is Linux.

I love CentOS!

I keep pressing my managers of my tiny company to make a contribution - I think I have them convinced that a small donation is MORE than justified.

Keep up the good work CentOS team!

First, I want to congratulate you for your fairness (the best fate for a prediction is to be .... forgotten...).
I am a very happy user of Scientific Linux at home (ships almost everything I need; the rest can be compiled) ... and a slightly less satisfied user of CentOS at work (my colleagues keep on needing new softs, and I like compiling *for me*, but it would be a waste of time for their needs -as they might have added softs by themselves-).

Being part of an institutional structure does not seem to be always an advantage: if the structured team of Scientific Linux was ordered to give up distributing SL (it is not part of their mission, I suppose -little to do with nuclear physics- and their mission justifies that this team is paid), they would obey, as an institutional structure does....
Basing predictions of the future of CentOS on the fact that they are not structured, and comparing them to SL for this reason is therefore not convincing.
Have a happy new year -and more-(though I mostly disagree with what you write, you spread very good ideas, sometimes for good reasons, sometimes for bad ones).

Caitlyn Martin:

now that the dust has settled, and SL 6.0 is out;

do you want to take another shot on this? :-)

thanks;

Andrei

Andrei, yes, I want to update this and I am planning to do a follow-up article. Recently my business has been doing very well and time for writing has been limited. Hopefully I can get to it soon.

Yeah, I agree with Andrei, but we need to wait until CentOS 6 is released!
But "Ohhh" again - nobody knows when it will be released! ;)

I've been a fan of CentOS for a long time and have appreciated their work. I didn't see your article when the dust-up with Lance Davis was taking place but I was very concerned at the time.

I'm less comfortable with Scientific Linux as they are backed by a government organization, but I've made the switch. The past 5 months watching CentOS, to me at least, dramatically underscore the main point of your article.

I hope you're able to find time to revisit this subject as I appreciated your writing. Both in quality and lack of drama.

Best regards,
John

For me CentOS was the OS of choice for the last 4 years. Reliable, up to date (with a short delay from RH), etc. But I noticed CentOS is becoming out of sync with RH. Not sure the reason, but RH 6 has been out for many months, Oracle and SL released their versions of Linux, but CentOS is behind. What is going on? I never used SL or Oracle. I heard if you use Oracle you won't be able to update as you need a paid subscription, so that is ruled out. I will try SL, but I am not convinced it will be better or same as CentOS in terms of compatibility.

To sum up: CentOS looks dead! (for now).

Cheers!

Ivo

I'm not understanding the vehement defence of CentOS's track record of releasing patches months late. If CentOS is truly a 100% RHEL clone, why is someone on the CentOS team unable to download the SRPM, rebuild it, and stick it in the CentOS updates repository?

There have been comments about the team wanting to "get it right." What is there to get right? The aim is to be 100% RHEL-rebranded, that means there's no more work to actually do. Rebuild the SRPM and ship it out the door. If the goal is to be 100% RHEL-rebranded, that means relying on Red Hat to "get it right," and if they don't, then in order to be 100% RHEL-rebranded (I sound like a broken record here) CentOS needs to duplicate RHEL behavior *bug-for-bug*. If the goal of CentOS is to be a free RHEL clone, then they should be adding *zero* value (ie; doing no work) to patches aside from that rebranding.

The CentOS team has already identified those packages targeted for re-branding, the rest should be straight RHEL packages. While it's understandable that there may be *brief* delays in the release of patches that require rebranding work, for all others there is absolutely nothing more for them to do than rebuild the SRPM and push it out for download. Their end users shouldn't have to be doing this work for them millions of times over.

I've used SL5 for many years on my desktop. There were NEVER problems. Maintenance was SO easy. Of course SL6 runs out of the first minute on a new machine. My server runs with CentOS 5.6. After many months running SL6 with EPEL and ELREPO I can say that SL6 on my new workstation was the best choice ever. PackageKit makes it SO easy maintaining the machine. If CentOS6 will be as same as far away, my decision is to install SL6.1 on my server. The main reason is: I can be SURE that SL comes consequently with updates. For many years. The communication out of the CentOS team is not the way I can accept. So I must change. I'm not a developer. So I must see the realities for having securely working machines for me and my people having not too much work with it. And SL is much fun.

If CentOS is really a big community I can't understand that CentOS is so far behind. I can't believe.
