reviving Fedora Legacy

[David Woodhouse]

On Mon, 2008-10-13 at 14:29 +0200, Patrice Dumas wrote:
> On Mon, Oct 13, 2008 at 01:18:01PM +0100, David Woodhouse wrote:
> > 
> > I understand that there is a market for a Fedora-based distribution
> > which doesn't receive megabytes of updates each week, and which is
> > supported for longer than a year.
> 
> What have been proposed so far doesn't solve the 'which doesn't receive
> megabytes of updates each week' part, only the 'supported for longer
> than a year' part.
> 
> > What I _don't_ understand is why these requirements are not met by
> > CentOS. Isn't that _precisely_ the 'market' that RHEL and CentOS exist
> > to serve?
> 
> Because it is not the same as you stress yourself. Centos is clearly not
> the same than 'Fedora-based distribution which is supported for longer 
> than a year'. It allows to use innovative technologies while not being
> forced to update each year.

This is the part I have difficulty understanding. You want to use new
and innovative technologies, but you don't want to update your nice
stable system?

Do you want a perpetual motion machine with that too?

You're right -- you are offered updates, or you are offered stability,
and there isn't much of a middle ground. But that's just reality.

> > As I see it, there is a continuum of sorts -- from the daily churn of
> > rawhide, through the less anarchic but still considerable churn of the
> > latest Fedora release (currently F9), to the more conservative set of
> > updates for the previous release (F8), and then a bit of a jump to the
> > long-term stagnation¹ of RHEL/CentOS. You can pick whichever one you
> > like, according to your needs.
> 
> The last jump is not realistic in all cases. What should F6 user jump
> to? Centos 5? Centos 6? And F8 users?

F6 is basically RHEL4/CentOS 4 for the most part, isn't it?
And F8 would probably be closest to RHEL5/CentOS 5.

> The proposal is not to create a new distribution, but simply have
> EOLed branches acl removed and leave the possibility to build and push
> the results, with a limitation of the changes to grave bug fixes and
> security issues.

So no new innovation then? And you'd want to do this for _every_
six-monthly release of Fedora? Surely that's a whole boatload of effort
you don't need? Why not just do it for every other release? Or, perhaps
more usefully, every third release -- a new one about every 18 months?

I see no fundamental reason why we should _forbid_ people from doing
security updates for packages in EOL distributions, although I'm very
wary of the expectations that it would create. If we ship
official-looking updates for _some_ security bugs, naïve users will
quite reasonably expect that they'll be receiving updates for _all_
serious security bugs, and our "You are unsupported; you need to upgrade
before you get hacked" message will be compromised.

I also think that with a niche market that small, between Fedora and
CentOS, you are unlikely to get enough volunteers to keep it viable --
isn't that what happened with Fedora Legacy last time? 

> (That being said, it is also possible that 'which doesn't receive 
> megabytes of updates each week' issue may deserve to be looked at, but
> it is a different issue).

That and/or ensuring that the packages you miss in CentOS are actually
in EPEL.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation