• @yarn@sopuli.xyz
    261
    9 months ago

    I haven’t been really keeping up with this RHEL drama, so I’m probably going to regret making this comment. But about this bug merge request in particular, you have to remember that RHEL’s main target audience is paying enterprise customers. It’s the “E” right there in RHEL. So stability is a high priority for their developers, since if they accidentally introduce a bug to their code, then they’ll have a lot of unhappy paying customers.

    The next comment that was cropped out of that screenshot basically explains exactly that. While the Red Hat developers probably appreciate the bug fix, the reality is that the bug was listed as non-critical, and the Red Hat teams didn’t have the capacity to adequately regression test and QA the merge request. But the patch was successfully merged into Fedora, so it will eventually end up in RHEL through that path, which is exactly what the Fedora path is for.

    The blowup about this particular bug doesn’t seem justified to me. Red Hat obviously can’t fix and regression test every single bug that’s listed in their bug tracker. So why arbitrarily focus on this one medium priority bug? If it were listed as a critical bug, then yes, the blowup would be justified.

    • exu
      134
      9 months ago

      In its blog post Red Hat specifically called out downstream distributions for not contributing anything to the development of RHEL and that they should be making fixes to CentOS Stream. Well, this is a fix for CentOS Stream and Red Hat still doesn’t care. They just don’t want community contributions.

      • @yarn@sopuli.xyz
        29
        9 months ago

        CentOS Stream is the staging ground for RHEL. It isn’t a bleeding edge distro that can accept any merge request willy-nilly. For the reason why, reread my original comment about the nature of enterprise support.

        Fedora is the distro that is more bleeding edge in the RHEL realm. This merge request was more suited for Fedora, and the fix was successfully applied to Fedora. So, I fail to see any irrational actions from Red Hat here.

        • @Flaky@iusearchlinux.fyi
          24
          9 months ago

          Sounds to me like they messed up the communication between them and the devs. If they directed the PR submitter to Fedora, I think there wouldn’t be as much fuel to the fire.

          Granted, all the chaos surrounding RHEL does make me a little worried for Fedora. Fedora is not a bad distro by any means, and I don’t want to have to not recommend it because of the drama.

          • @Qvest@lemmy.world
            5
            9 months ago

            The only thing Red Hat has power over Fedora is its name and infrastructure. Red Hat can’t decide for Fedora. Do they have Red Hat employees working for Fedora? Yes, they do, but the employees decide for Fedora, not for Red Hat. Besides, all the telemetry drama is being sorted out in the most open way possible over on Discourse (Fedora Discussion). It is still a 100% community distribution despite a lot of people saying “it is already decided” “Fedora is doomed” etc.

        • @Zeth0s@reddthat.com
          6
          9 months ago

          Why would they accept PR at all if they don’t have a robust testing process and approvals are dictated by customers needs?

          The message as it is now to potential contributors is that their contribution is not welcome, unless it’s free labor that financially benefits only IBM.

          Which is fair, but the message itself is a new PR issue for red hat

          • @yarn@sopuli.xyz
            6
            9 months ago

            They do have a robust testing process, but their main focus at the CentOS Stream stage is more about preparing for the stable RHEL build than it is about adding a ton of new features and bug fixes. Testing takes time so it would be physically impossible for them to test everything if they didn’t have a limit on the type of contributions they accept. For bug fixes, their limit is that the bug has to be critical. For bugs lesser than that, the correct place to contribute those fixes is in Fedora.

            That has been adequately explained in the merge request at this point, if you click in that link at the top of this thread and read through it to get the latest info. The Red Hat devs have also made no indication that they’re not welcome to contributors. Anyone who’s saying that is blowing this merge request issue out of proportion.

            • @Zeth0s@reddthat.com
              0
              9 months ago

              I read it, and I read the messages from the devs. The communication issue I am trying to point is also highlighted in the comments: if the decision on merging a PR is uniquely dictated by financial benefits of IBM, ignoring the broader benefits of the community, the message is that red hat is looking for free labor and it is not really interested in anything else. Which is absolutely the case, as we all know, but writing it down after the recent events is another PR issue, as red hat justified controversial decisions on the lack of contributions from downstream.

              The Italian dev tried to put it down as “we have to follow our service management processes that are messy, tedious and expensive” but he didn’t address the problems in the original message. The contributor himself felt like they asked his contribution just to reject it because of purely financial reasons without any additional details. It is a new PR incident

              • @yarn@sopuli.xyz
                1
                9 months ago

                I don’t know what to tell you. This change was more appropriate for Fedora and developers are bad at PR is basically the simplest way to put it.

      • jerry
        -2
        9 months ago

        Not having resources to test it right this second isn’t “doesn’t care” it’s just a lower priority.

      • @yarn@sopuli.xyz
        2
        9 months ago

        CentOS Stream is midstream of RHEL and Fedora. That sounds like it’s like a cert type of environment for RHEL. The same logic would apply there. You don’t want to be introducing a bunch of new changes to code once it’s in the cert environment unless they’re critical.

    • @angrymouse@lemmy.world
      45
      9 months ago

      But it is also another stab in the community, they took centos that was a community project for them, then transformed this project that was downstream to upstream, then called all other downstream distros a negative net worth cause they don’t engage in the process of RHEL, then blocked the access to this distros to the downstream, then reject the work of this ppl they called net negative without a decent process.

      What actually red hat wants?

      Centos now is only a beta branch? Ppl who wants derive from centos should be fixing everything downstream and duplicate work cause centos now is just an internal beta from red hat? If yes, why they took the project from the community? I’m not a rpm based distros user but I totally understand why ppl are pissed.

      • @digdilem@feddit.uk
        3
        9 months ago

        What actually red hat wants?

        All the control and all of the money.

        Besides that, I suspect they have no clear vision. And if they do, they are absolutely terrible at communicating that.

      • @yarn@sopuli.xyz
        1
        9 months ago

        I’m making no comment on CentOS being absorbed and repurposed by Red Hat. I’m just saying it makes sense why Red Hat would rather have this fix in Fedora than CentOS Stream.

        • @angrymouse@lemmy.world
          14
          9 months ago

          I’m making no comments about you making or no comments on centOS being repurposed. I’m just saying that this blown-up is probably caused by a mixture of miscommunication between RHEL and a community that feels like being tossed aside, I just said that because you said that you felt unjustified.

          • @yarn@sopuli.xyz
            0
            9 months ago

            I’m getting downvoted on my comment about not making a comment on CentOS, so now I feel obligated to reply to this.

            I don’t know, dude. I don’t really care about the miscommunication. I was just focusing solely on the merits of the merge request’s code changes.

            For the miscommunication, it seems like a two way street to me. That was GitLab, so the Red Hat dev was probably operating under the assumption that people there already understood everything about their testing process. But obviously that’s not the case, so Red Hat should create better boilerplate responses for these scenarios. But on the other side of the coin, whoever took this screenshot and posted it to reddit or wherever did so prematurely, imo. They should’ve asked around a bit to make sure it was a legitimate thing to blow up about before they sent a lynch mob to the merge request.

            • @yarn@sopuli.xyz
              3
              9 months ago

              I’m still getting downvoted, so I’m just going to put this here and be done with this:

              RTFM about DevOps

            • @angrymouse@lemmy.world
              2
              9 months ago

              I’m getting downvoted on my comment about not making a comment on CentOS

              I don’t think so, you are probably getting downvoted because you said exactly this:

              The blowup about this particular bug doesn’t seem justified to me.

              And seems somehow offended that I replied to this statement trying to explain (not necessarily justify)

              • @yarn@sopuli.xyz
                3
                9 months ago

                I’m getting downvoted because I’m not conceding that the miscommunication was a legitimate excuse for that blowup. And I’m going to continue to not concede that. I found this whole situation to be embarrassing, and I think instead of getting mad at the miscommunication, you should all be getting mad at the moron who took that screenshot and whipped up the mob frenzy to swarm that merge request, because ultimately Red Hat was 100% justified in not accepting that merge request, and it made you all look like morons.

                It’s fine to get mad on social media, but if you’re contributing to GitLab or someplace else, then you need to slow your roll. There’s always a process involved when contributing to a project, and you have to learn that process in order to contribute effectively. You can’t blow up and whip up a social media frenzy at the slightest inconvenience.

                Edit: Sorry, @angrymouse@lemmy.world. I should also add that I’m not mad at you personally or anything, or calling you a moron. I’m more talking about the collective response to this situation. And I’m pretty bad at words, so I feel like I accidentally made it too angry.

    • Marxine
      21
      9 months ago

      That could have been better communicated though. What you said is reasonable, what Michal said isn’t as much.

    • @FlexibleToast@lemmy.world
      15
      9 months ago

      Fedora is where this sort of thing is supposed to go. That’s been Red Hat philosophy since forever. Patch as high upstream as you can. Sounds like this is a non issue.

      • @Zeth0s@reddthat.com
        2
        9 months ago

        Apparently it is already patched on Fedora… Just reporting other comments in this thread. But why do they accept contributions to CentOS if they don’t want patches that are not economically beneficial to the company? It is a pretty bad message written as this

    • @digdilem@feddit.uk
      6
      9 months ago

      Agree on point of detail, but the “drama” is the reason for the fuss. Redhat’s communication, especially to the community that helped build and support it, has always been patchy, but over the past few years it’s been appalling. As others have pointed out, they’ve insulted a lot of us, specifically for not contributing upstream - so it’s not unexpected for them to be called on it when someone does.

      I think the EL sphere as a whole (including RHEL and all up and downstreams) is getting drastically weakened directly because of Redhat’s poor decision making, and that’s a shame for all of us.

  • 𝘋𝘪𝘳𝘬
    147
    9 months ago

    “Your code has an issue here’s a fix for that”.

    Corporate: no.

  • @PhysicsDad@lemmy.world
    147
    9 months ago

    Wasn’t Red Hat just complaining that Alma and Rocky didn’t add value because they weren’t submitting fixes upstream?

    • @gomp
      34
      9 months ago

      It’s funny how podcasters and commenters seem to have taken Redhat’s spin about “contributing value to the community” seriously, while to the rest of us the whole thing was obviously only about money (same as all the follow-ups from other parties… I would say “including Alma” but that would probably deserve its separate debate).

        • conciselyverbose
          12
          9 months ago

          Exactly. “Oracle freeloading” isn’t through some loophole they’re exploiting. It’s the core premise of the license to allow them to do exactly that.

        • @vampatori@feddit.uk
          10
          9 months ago

          Red Hat saying that argument in-particular shows they’ve pivoted their philosophy significantly, it’s a seemingly subtle change but is huge - presumably due to the IBM acquisition, but maybe due to the pressures in the market right now.

          It’s the classic argument against FOSS, which Red Hat themselves have argued against for decades and as an organisation proved that you can build a viable business on the back of FOSS whilst also contributing to it, and that there was indirect value in having others use your work. Only time will tell, but the stage is set for Red Hat to cultivate a different relationship with FOSS and move more into proprietary code.

    • @pazukaza
      -18
      9 months ago

      — “we don’t like people ripping off our work without any added value”

      — “Here, let me push this to your staging environment, totally breaking your quality process”

      — “No”

      — “Well, what the hell do you want broo?”

      I don’t think they have ever hidden the fact this is about money. I don’t like the fact this is about money, but the fact that others were cloning and selling their efforts for a cheaper price is awful.

        • @pazukaza
          -2
          9 months ago
          1. they are not breaking any law. This is totally allowed. You can use FOSS to create a commercial product.

          2. they are major contributors to the Linux space. And they’ll keep contributing.

          3. It’s their effort, they created a business around it, and it cycles back to push Linux forward.

          4. this isn’t even going to affect average users. This is going to take money from companies that probably have the money to pay. For other companies, there are other distributions available.

            • @pazukaza
              -4
              9 months ago

              Well, the re-builders would be breaking the law now that the source code isn’t available for non-paying customers. They weren’t breaking the law before.

              So, do you expect every company to release the source code of their products just because they used a FOSS web framework or a FOSS programming language like Python? Or by the same logic, for companies to release the source code of their products if their developers use Linux in their development machines? Or if they use Linux to deploy their applications in the cloud? That’s such an unreasonable position.

                • @pazukaza
                  -2
                  9 months ago

                  OK, so is Redhat breaking any license? Do you really think a company like Redhat would open itself to thousands of lawsuits like that. The CEO already explained that this is totally legal and covered by GPL. They are in fact distributing the source to the people receiving the product. This is exactly what GPL says. They are not forced to open the source code to people who aren’t getting the distributed software.

                  What is your complaint then? They are not breaking any law and they are following the GPL license.

                  I was using the webframework/language as examples because you said this wasn’t a matter of law but a matter of principle. So why does the principle apply to Redhat but not the million other products that totally depend on FOSS on their core?

                  So many projects do in fact distribute the FOSS, but they use more permissive licenses like MIT, Apache or LGPL. BUT you’re saying the law is not relevant, what matters is the principle. So why doesn’t everyone release their code if they depend on FOSS on their core products? Because they aren’t breaking the Apache or MIT licenses? Well, that’s great! Redhat isn’t breaking the GPL license either. Why must Redhat follow whatever subjective principles you have?

                  — “hey there’s this company creating a commercial product around FOSS. They aren’t breaking any license.”

                  — “Nice, as long as the licenses aren’t compromised”

                  — “It’s Redhat”

                  — “Those mofos! How dare they!”

  • @cognitive
    98
    9 months ago

    Alma should use this as advantage for them. Now market it as “Alma Linux is more secure than RHEL”.

  • @OsrsNeedsF2P
    95
    9 months ago

    As someone interviewing for Canonical’s Security team (they make you do like 10 interviews, I’m like 5 deep over 3 weeks), I cannot imagine anyone security-minded writing that comment. It either:

    • Comes from higher up
    • Michal doesn’t think security is important
    • @MrOzwaldMan
      -137
      9 months ago

      Can you prove that you’re joining Canonical (picture proof), as you know, people can be anything on the internet while they’re in their parent’s basement.

      If you are, what type of interview questions do they ask?

    • d-RLY?
      11
      9 months ago

      Truth! I wasn’t shocked that all the social media and entertainment companies all decided to treat the Covid years as if that growth was organic/normal (all retail stores started doing this much faster). As if people were just going to keep having the same amount of time to spend on them. Or in the case of sites like Reddit, they think that they are the creators of content instead of the location to get it. Companies like Red Hat are more jarring and seem like they would’ve been more realistic.

      The next two paragraphs are just a rant about companies and the government not really caring for stability long-run. Feel free to ignore.

      Of course people were going to start unsubbing now that they need to focus on actual things needed for just living. Covid has shown that all these greedy folks running (or holding shares) companies in all sectors refuse to just be focused on stability. They act like all the crazy large profits were all because of their “genius innovative ideas and leadership.” Of course that was going to happen to all the publicly traded companies, due to their literal legal obligation to always make numbers go up. But shit is beyond a bad way to handle the real material conditions of life. It also doesn’t help that the US did a worse job at doing things like monthly stimulus money compared to other places.

      A capitalist economy requires that people keep buying both needed and wanted things in order to keep things moving around. But instead of putting money into the hands of people, which would then likely buy more things or even have finally something to save for when things normalized (which would be helpful for making the falloff less dramatic). We barely got two total $2000 payments. Fuck, even just making sure folks could have money to finally get out of various debts would mean people could more easily justify keeping things like Netflix.

  • @Secret300@lemmy.world
    61
    9 months ago

    Alright, at first I was like okay red hat wants to make money to keep IBM happy. Now I just realize it’s not red hat anymore. Fuck that I’m moving to suse

      • @Tak
        47
        9 months ago

        Nobody has a problem with Red Hat keeping the lights on and people paid. IBM just wants to increase profit margins because capitalism is a flawed system about abusing whatever you can for personal gain.

          • Avid Amoeba
            15
            9 months ago

            Not bringing anything of value to the discussion but just want to say - fuck 'em.

        • @angrymouse@lemmy.world
          14
          9 months ago

          Just the good old stock market gently asking for infinite growth. You can’t just be profitable these days, shareholders prefer to kill a profitable business that does not grow constantly.

          • @XLRV
            10
            9 months ago

            Yeah, literally a cancer.

    • @Metallinatus
      10
      9 months ago

      Red Hat literally became the first ever billionaire FOSS company (iirc), their pre-selling out business model was working perfectly fine.

  • Lengsel
    57
    9 months ago

    Everyone is going to have to accept that RHEL is over and done. Since paying customers are not allowed to release the code publicly, over time it could turn into its own operating system that happens to use the Linux kernel, similar to Android.

    Forget about Red Hat, they’re gone, they’re not an option for any small company. Individuals should never have been using Red Hat, but companies are going to have to find something else like Debian/Devuan, FreeBSD, something with a stable branch that gets 3 to 4 years of updates.

      • Lengsel
        2
        9 months ago

        That’s exactly what’s already happened. Rocky and Alma are already no longer an option for a free version of Red Hat since Red Hat code is not allowed to be shared, it can only be viewed. Read their own words from Alma and Rocky, what they themselves said about going forward.

        Red Hat can also change the license agreement further to include anyone proven to have published source code of Red Hat branded material agrees to pay a fee to Red Hat of no less than $10 million, or whatever price they want to put on it.

        Everyone can scream about Red Hat, all they have to do is change some wording in agreement that includes fees (fines) for multi millions of dollars, BOOM! Red Hat becomes a proprietary system built on open source software.

        SUSE says they will fork RHEL, but Alma and Rocky are over in terms of being a clone. People have asked for years why there is no free 1 to 1 clone of SLES and SLED. IBM is free to choose to turn all of RHEL into a proprietary development and lock it down, unless you can get a court order that says Red Hat’s code must be made public, but I don’t dare test IBM lawyers over any code that is not released under AGPLv3, only then I would.

          • Lengsel
            -1
            9 months ago

            The GNU/Linux GPLv2 does not apply to any software developed and owned by Red Hat like all of the Red Hat security programs, that is not covered by the Linux license. If Red Hat never modifies or changes a single line of code in GNU/Linux, they are free to run closed source programs on top of it. They own .rpm file format so they have the legal freedom to make the system and all RH software proprietary.

            That’s how Rocky and Alma are now permanently locked out from accessing the code.

              • Lengsel
                1
                9 months ago

                Until someone gives legal notice to IBM lawyers forcing Red Hat source code to be released publicly, all of this debating over it means jack nothing.

                If nobody takes IBM to court, the matter is settled and all developers must accept Red Hat’s choices.

                If they dismiss the online talk, ignore all criticisms, and nobody pays for a lawsuit, the case is done and finished.

                I’m not trying to skip over your points, as I said from my first first, everybody can talk all they want, who has the power of persuasion or legal force to change IBM’s decision?

                I may be wrong, but I believe only the Linux Foundation is in a position to call IBM CTO, President, whoever, and say “We heard about the changes to withholding Red Hat’s source code, you will not be doing that, it shall remain public. If you want to discuss this further, please send your most expensive lawyers to our offices and we will explain in detail why you won’t be doing that.”

    • @gomp
      7
      9 months ago

      RHEL ultimately comes from Fedora (plus Redhat has a great say in where Fedora is headed), so… RHEL won’t become sort of an AIX or HPUX anytime soon.

      That said, Redhat’s move opens up the position of “enterprise-like distro for scientific/technical shops and other people who do their own support” (think, from CERN to small software houses) that so was the reign of RHEL clones (together with Ubuntu, of course).

      Those are people who will probably never buy RHEL licenses for all their machines no matter what, so in a sense it stands to reason that RH doesn’t care about them (if you think their move is about money rather than falling for the “value to the community” PR spin), but those same people are also trend setters whose choices, in time, trickle down to universities and then companies, and to me it looks like there’s a huge opportunity there (and that Alma is currently in the best position to harvest from it in the long run).

      • Lengsel
        1
        9 months ago

        Is there a reason that Alma and/or Rocky shouldn’t try to release their own version of SLES and SLED?

    • @CrypticCoffee
      4
      9 months ago

      Why do people care about RHEL? Is it really any better than Debian based stuff?

      • Lengsel
        7
        9 months ago

        I really don’t care about RHEL. Unless companies want to buy their services to be allowed access to the software it, everyone should forget about Red Hat. It’s done, it’s gone. And there will never be a free version of Red Hat, so look at other long term alternatives.

      • TomTheGeek
        2
        9 months ago

        It checked a lot of boxes for corporation use. SELinux isn’t/wasn’t on Debian either. But it’s not any ‘better’. Debian has been rock solid for me. ZFS is the only thing I’d like to see in Debian feature-wise.

  • @dimath@lemmy.pt
    49
    9 months ago

    It still requires a substantial amount of time to review the fix. Depending on the circumstances it might require more time to review a piece of code than to write it.

      • @flux
        7
        9 months ago

        A patch contains more than the changes: it contains the commit message. In open source projects, and in particular in CVE fixes, the commit message can indeed be quite descriptive. It needs to be!

        You’re still right, though. But I like to think professionals are able to verify the changes with the high-quality commit message—possibly in less time than investigating the issue themselves.

      • @odbol@lemmy.world
        1
        9 months ago

        How did they submit changes to only one file? Did they not write a test for it? Sounds like a dodgy patch if it doesn’t have a test

  • AnonTwo
    22
    9 months ago

    Maybe I just don’t get it, but how does this work in any way that doesn’t make them liable for some company being exploited by something that they were aware could’ve been prevented?

    • Maybe, but in practice nothing happens. Microsoft has had numerous issues reported to them before, years ago, and the issue reported to them was never fixed or taken seriously. Then years later, the issue is sometimes rediscovered and they find the report from years earlier, and nothing happens.

      Until legislation gets passed to force companies to take liability of their software, nothing will change.

  • 30021190
    14
    9 months ago

    I’m sure on CentOS/RHEL7 this will be irrespectively classified a CVE score of 7.8 so they don’t need to do security updates for it.