全部博文(168)
分类: LINUX
2013-03-21 18:11:05
I’ve been asked by a lot of people why I switched from Centos to ScientificLinux.
My feeling was that ScientificLinux delivers security updates faster and more reliably, but feeling is not a good adviser when it comes to security. So I sat down and created a LibreCalc sheet to check how long it took between the RedHat security update release and the corresponding release of Centos and ScientificLinux. Because now Oracle offers free updates for OL, I added OL to the list.
I took all the security updates available from an uptodate RHN Satellite, export its erratas into an csv-File and add the release times from Centos, ScientificLinux (SL) and OracleLinux (OL). I took the create file time stamp from the main FTP-Server, as the release time for Centos and SL. . I checked some of the erratas with the security announce mailing list and found no difference. I did the same with OL, but I realized that Oracle don’t use the release time as FTP timestamp. For RHSA-2012:0426 I check the Oracle-FTP-Server at the 28th and no package was available, recheck 2 days later and it was available and the timestamp was from the 27th. I kept the timestamps in my list, but don’t trust them. I was thinking about writing a script to analyze the security mailing lists, but I don’t have time for that.
I only checked the erratas from 1. October 2011 to 1. April 2012. Two updates were ignored. RHSA-2011:1328 because it was only an update to an errata and RHSA-2011:1531 was replaced by RHSA-2011:1777 on the same day.
During this time red hat released 78 erratas and I used 76. The average delay for Centos is 6.58 days and for ScientificLinux is 1.33. In December 2011 Centos finally got his build environment and released both 6.1 and 6.2 in little over one week. Centos really picked up momentum. If you look at the updates between 1.Jan and 1.Apr 2012 the numbers are very close together with 1.27 for Centos and 0.97 for SL.
The choice of SL vs. Centos is really much harder today. But I switched and I don’t see a reason to switch back. If you use Centos 6, from my perspective there is no reason to switch anymore.
is the libreOffice Calc sheet. I don’t guarantee for the dates, I worked as best as I could. If you find a mistake or have something to say, don’t hesitate to write a comment.
IIRC Scientific Linux released version 6 before CentOS, but neglecting to update 5.x in that process. CentOS team decided that updates for 5.x was a priority before dedicating more time to the 6.0 build infraestructure. I could be wring but that is what I understood. As someone with 5.x in production, no matter how I wanted to have 6.0, I appreciate the decission of the CentOS team that 5.x must be a priority
Good work. Very useful. I would have expected that this is available somewhere already (on lwn.net for example), but maybe not.
@Robert
Actually, there was a time when CentOS failed to update either 5.x or 6.x packages for quite a while. On the other hand, Scientific Linux has had more consistent security updates.
“CentOS has issued no updates, but the 5.7 release will contain a large
number of updated packages making up for the lack of CentOS 5 updates
for almost two months. CentOS 6 remains without any updates at all. “
How does the PUIAS version of RHEL compare
with CentOS and Scientific Linux?
Background for the question.
Here at Georgia Tech, we have used an
“in-house” version of RHEL for a number
of years, but with mathematics software
(Maple, Mathematica), upstream openoffice,
Firefox, multimedia codecs, etc. added.
Our version is not publicly available,
at least not in the past.
This year, the Georgia Tech version is using
some bits from the PUIAS version, which is
accessible to all. For example, this email
is sent from a machine running the 6.2 version, with all the updates and add-ons
mentioned.
How does the PUIAS distribution of RHEL compare with CentOS and
Scientific Linux?
Background. Here at Georgia Tech, we use an “in-house” version of RHEL,
with a number of upstream add-ons + mathematical software (Maple
and Mathematica), multimedia codecs, etc. Our development team has
been exploring the degree to which our efforts could be linked to the
PUIAS effort. Because of our add-ons, I doubt the Georgia Tech version
would be made available to the public … but PUIAS is open to everyone.
@William: I never used PUIAS before. And I didn’t have the time to test all RHEL Clones. If you want to extend the Calc sheet, I would update the page with your results.