How Can I Justify Using Red Hat When CentOS Exists?

Bocaj writes "I recently spec'd out a large project for our company that included software from Red Hat. It came back from the CIO with everything approved except I have to use CentOS. Why? Because 'it's free Red Hat.' Personally I really like the CentOS project because it puts enterprise class software in the hands of people who might not otherwise afford it. We are not those people. We have money. In fact, I questioned the decision by asking why the CIO was willing to spend money on another very similar project and not this one. The answer was 'because there is no free alternative.' I know this has come up before and I don't want to beat a dead horse, but this is still a very persistent issue. Our CIO is convinced that technical support for any product is worthless. He's willing to spend money on 'one-time' software purchases, but nothing that is an annual subscription. There is data to support that the Red Hat subscription is cheaper that many other up-front paid software products but not CentOS. The only thing it lacks is support, which the CIO doesn't want. Help?"

Support them from your own money

[SharkLaser]

The only thing it lacks is support, which the CIO doesn't want. Help?

Then you get CentOS and stop trying to spend other people's money on things they don't want to. If you care about Red Hat getting their support, then donate to them yourself, from your own money. Red Hat sells support service, and that is their product. Otherwise, it's just a compilation of others software, just like CentOS is. It's obvious your company doesn't need the support service so CentOS suits you just fine. Pushing an agenda down others throath doesn't help open source's image either. It should come from their own willingness to help or by providing so fantastic service that people actually want it.

Re:Support them from your own money

[genghisjahn]

I think what he's saying is that he thinks they will need the support, and since they can afford it, why not get it?

Re:Support them from your own money

[mabhatter654]

The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?

When you hit a problem your team can't solve what dollar value is that? Granted, for anything using a LAMP stack it is probably just as efficient to spin up a new server and start over versus a lot of money for support that isn't going to figure out all your custom stuff anyway.

I swear by IBM System i with IBM support. It's outrageously expensive, but they will call support engineers after hours when you have a problem level 2 can't handle. Microsoft's comparible offerings require a thousand seats.. IBM will sell you support for just one server.

In my case we have three steel mills worth $10k+ per hour of downtime... Even more if downtime causes rework. If we have more than an hour down I have vice presidents in my bosses office!

I suppose it's up to poster's boss, those C.I.O. Letters make it his decision... and his ass will be on the line when you have to explain why he didn't line up something to cover for things the minions can't handle.

Re:Support them from your own money

[hairyfeet]

How about for one thing its a perfect example of the "free rider problem" and why FOSS companies like Novell and Mandriva slowly bleed to death and simply can't compete with the R&D that Apple and MSFT spend?

I mean how many here even KNOW where CentOS came from? Because its not a nice story folks, and its a perfect example of why the leeches will bleed FOSS to death. Once upon a time there was a company that sold hardware that ran...you guess it...RHEL on it, but someone at that company said "Hey, if we strip all the copyrighted stuff out we can just take what we want and not have to pay RH shit! We'll save a bundle!" and so CentOS was born. And before anyone says "Well herp derp RH doesn't complain" what do you expect them to save? "Hey community please stop butt fucking us please?"

It is also a classic example of short sighted thinking shooting yourselves right in the face. Who gives more than any other company when it comes to giving back to the community? Why that would be RH. Now how do they pay for that? Ooops, didn't think of that, did you? Its the same reason I doubt you'll be seeing any companies opening their hardware anytime soon, as AMD bent over backward, even hiring coders to help the FOSS driver guys and opened their specs as wide as they could, and what did they get? every forum filled with guys saying "Herp derp, buy Nvidia".

Pretty much everyone with a brain is saying the economy will get much worse before it gets better as not only have we hit bottom yet on the two previous bubbles, but we have two MORE bubbles that could burst any time, the student loan bubble and the retirement bubble. Now what do you think is gonna happen to RH if the economy continues to tank and more and more potential and former customers take the same route? I'll tell you, first they'll have to scale back, which will make quality suffer. patches will take longer, new features won't be implemented, things will get worse, this will then cause more to leave as there are OTHER OSes they can have for free, right? Then you end up in a death spiral and if you aren't careful Red hat is another Novell. don't forget once upon a time both Novell and Sun were powerhouses in the industry too.

This is why I have been saying for ages "free as in beer" needs to die and be replaced by "free as in freedom" only. Hell even RMS says there is nothing wrong with making money from your code as long as others have the freedom to modify. But sadly what we'll see instead is short sighted thinking like in TFA, where they'll expect this poor schmuck to "just Google it" to solve even the most complex problems with ZERO support, hell they might even reward him by cutting his staff! Meanwhile MSFT and Apple get paid year after year after year, they have NO problem spending money on R&D and advertising, they just keep on coming. How are companies like Red Hat that are busting their balls for the community gonna survive if everyone says "Just use CentOS"?

Re:Support them from your own money

I used to run an AS/400 system. And you're right. IBM's support rocks. One time the keylock was broken on the unit, and we needed it working. My support guy came out, verified the situation, then told me the bad news - "The nearest part we have in stock is in New York." (I was in California.) Then my support guy smiled and said, "The good news is that I've gotten ahold of of one that's on an airplane right now, headed this way. It will be here in 45 minutes."

Now THAT is support. :-)

Re:Support them from your own money

[smash]

People still buy red hat for the support. If the pay ware stuff in red hat was worth money, then people would pay money for it. Whining about red hat getting fucked when this is exactly the type of behaviour expected and encouraged by the GPL is disingenuous.

Re:Support them from your own money

[LordLimecat]

Im pretty sure if the need arose, there are scores of companies that would love to take your money in return for supporting CentOS, either on an ongoing or onetime basis. A good starting google search might be "CentOS Consultant" or "CentOS support", both of which return promising results.

To OP:
An ongoing contract is not always necessary; sometimes it makes more sense to do one-time issues. The CIO's job (and higher executives) is to make decisions like these based on their own experience and based on the recommendations they get from others. You have given your input, and he is deciding that, however good your advice it is, he is willing to take the risk for what he thinks is a better value. I would just accept that.

As a consultant, I have met smaller clients who, for example, insist on using Norton "business" products. I give my opinion on them, tell them I think it is a bad solution, and if they say "thanks, but we want to use norton", I have done my job, and they are doing theirs. Noone wants an engineer who thinks it is his job to make executive decisions, because it is not.

Re:Support them from your own money

[LordLimecat]

The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?

No, the question is what is OP's job description. Arguing endlessly with his superiors about their executive decisions is not going to change their minds or endear OP to them. Sometimes being an adult and a professional means accepting that your superiors will make decisions that you disagree with, and learning to accept that.

Re:Support them from your own money

[buddyglass]

You make an excellent case against Red Hat's business model. A company that has to survive on charity isn't so much a company as it is...a charity. Personally, I would never fault anyone for choosing CentOS (and thereby choosing not to pay Red Hat) if CentOS meets their needs. They are in no way obligated to Red Hat as a corporate entity. If Red Hat can't hack it in the presence of competition from CentOS then Red Hat needs to die, because it's not providing a service anyone values enough to actually pay for.

Re:Support them from your own money

[ghjm]

Red Hat's share price is at a 5 year high, and I believe their revenues are at an all-time high. If they are being crushed, it is in some wierdly subtle way that shows up on the balance sheet as strong revenue and profitability.

Re:Support them from your own money

[buddyglass]

Again, everything you've said argues against Red Hat's business model. They're contributing to the linux kernel and not getting paid for it. They're trying to eke revenue out of providing support for something that, apparently, many people feel they don't need support for, as evidenced by the popularity of CentOS. If Red Hat's kernel contributions aren't adding to the company's bottom line then they owe it to their shareholders to stop spending money paying developers to contribute. If it is adding to their bottom line then you shouldn't feel as if you "owe it to them" to buy their support services as a means of subsidizing their kernel work.

Re:Support them from your own money

[afabbro]

Don't let the fact that RedHat loves CentOS, supports it, and is happy to have enormous free testing of their flagdhip product interrupt your ALL CAPS EMPHASIS rant.

Re:Support them from your own money

[turbidostato]

"Hey, if we strip all the copyrighted stuff out we can just take what we want and not have to pay RH shit! We'll save a bundle!"

Well, and the "no so nice" part is?

Red Hat decided on their own way to do business. Such a way included not developing an OS from start but instead using an OS with a license that allowed them to package it and throw a brand, a marketing campaign and a support business but it has a cost Red Hat was willing to accept: that others could do the same.

The end result is that Red Hat pushes money at it because it works for them, CentOS rebrands the software because it works for them, and I as a user have a choice that fits me. The day each respective choice works for the given agent no more is the day they'll change boats to look for greener coasts.

But that's the basis of free market, now, isn't it?

Re:Support them from your own money

[mlts]

There are two reasons why I am speccing RedHat over CentOS, and neither have to do with support:

1: Application support for production systems. Yes, it shouldn't make a difference, but if I call in for support on an application that specifies the list of supported operating systems, and its not RedHat, there is a good chance I'll get laughed off the phone with "sorry, no app support until you have a supported OS".

2: FIPS, Common Criteria, and other certifications. These can mean the difference between "due diligence" in IT versus bad faith when it comes to an audit. Yes, this is pure legal eagle stuff, just like the requirement that the 64 CPU POWER7 box in the rack has to run McAfee, but it means the difference between passing an audit, or perhaps getting a contract terminated.

This doesn't mean CentOS is bad. It just means that having the certificates that come with the commercial version of RedHat may mean success or failure when the CPAs and the JDs are done extracting their pounds of flesh.

Re:Support them from your own money

[leenks]

Where I am working at the moment runs Centos on many of their servers. Why? Because they are a consultancy and many clients are using RedHat. Centos allows them to develop against it with relatively high confidence it will work the same on RedHat (as well as you could expect developing against RedHat on a development network and then shipping a product to be deployed in a different environment at least). I don't see the client base changing to Centos for deployment - they need / want the support blanket.

Re:Support them from your own money

[BitZtream]

Except that Red Hat does provide services people value, they're they top contributor [cnet.com] to the Linux kernel.

They're the leading contributor because the people paying for support need those features/bugfixes they are contributing.

Support contracts aren't just for helping clueless admins do their job because they're too lazy to Google.

Re:Support them from your own money

[Ritchie70]

My philosophy is that I'm not paid what still seems like a somewhat shocking amount of money to just do what I'm told. You can get some kid to do that.

I'm paid to do my best to understand all the issues, make a clear recommendation, and to make sure that the boss clearly understands my recommendation. If the boss disagrees with my recommendation, it's my job to make sure they understand why I think what I think.

At that point it's on them if they want to decide against my recommendation. Sometimes it works out, sometimes it doesn't. And it becomes my job to do what they decided should be done, and to do my best to make it work, even if I think it's stupid.

It seems to me that the OP is still in the "make sure they understand" phase.

Re:Support them from your own money

[catmistake]

Odd that everyone seems to miss the fact that you can indeed run RHEL free without paying for their excellent support. I point this out to everyone who tells me CentOS is free. RHEL is free, too. If you want support you must pay.

Update & security responsiveness

[dodocaptain]

By and large the CentOS team do an excellent job with the distribution - but it's a volunteer effort and there have been some notable times lately when important or security updates which have been shipped by Red Hat run late with CentOS, sometimes by a considerable amount of time.

If the CIO wants CentOS over Red Hat, he also needs to be prepared to accept the risk of delayed updates, no guarantees to updates or bug fixes and that one annoying time a particular server suffers an obscure bug, there won't be a vendor to go back to for obtaining a resolution.

Re:Update & security responsiveness

[gazbo]

I think maybe you're missing the point? If they offered continuous upgrades for non security reasons, they could hardly claim to offer a stable platform. If you want up-to-date packages, why not just use Fedora in the first place rather than backporting packages?

Re:Update & security responsiveness

[JWSmythe]

    I seem to recall something about that also.

    I worked for a place, that was sworn to use RedHat.. Well, RedHat 6.0 through 6.2. The logic was "Our application worked on it then, we'll keep using it forever". Damned the remote exploits. Damned patching it, ever. We'll use it the way it came off the disk.

    {sigh}

    I showed them that their application ran fine on the current Slackware, and even Slackware64. They had 64 bit servers, but refused to consider using a 64 bit operating system. Again, "it's the way we've always done it."

    A few remote exploits later, and new hardware that simply wasn't recognized (damned if they'll let me build a kernel). I had to sneak a few newer kernels on, to support hardware that they wanted. (shh, that's still a secret).

    They did decide to start using newer hardware, with a modern operating system. They wanted RedHat, they wanted support, but didn't want to pay for RHEL. I asked them "how many times have you asked for support in the last few years?" The answer was, "zero". Actually, they did ask for support. The folks over at RedHat laughed at them. Well, very politely. It was something like "You're using an ancient unpatched patform. Go download something resembling modern, and we'll help you."

    There was a running theme there too. They used the version of Postgresql that came on the CD. They used the version of Apache that came on the CD. Regardless of what improvements or security fixes showed up in future versions, they didn't come on the original CD, so they weren't trustworthy. I was really surprised that we didn't have a higher suicide rate. I found that talking to a brick wall while on long smoke breaks was far more rational than trying to argue with them.

    The ended up going with CentOS, because it was modern, it did have pay support available, and they could get the OS for free.

    I have a serious problem with RedHat and all derivatives. They patch known stable code to make it theirs. On so many developer sites, I've seen statements saying that they can't support known bugs in the RedHat tainted versions, because the changes destabilized it. Basically, if you want help from the author, go get a fresh copy, compile it, and install it. If you're allergic to compiling (sadly, so many people are), most authors have a RPM version available.

    It's not just a few authors who complain. It's not just some edge cases that become troublesome. I ran into them all the damned time. In quite a few cases, I had to go compile static binaries from original author sources, on my Slackware machine, and copy them over, so basic things would "just work". They refused to accept that anything with "Slack" in the name could possibly work, regardless of the fact that I ran an enterprise network for years, fully automated, without any problems.

    The fully automated part was the reason I wasn't there any more. My babies (the servers) were self sufficient. I was just a babysitter, in case something went wrong. Failed hard drive, CPU fan failure, the occasional bad network cable. You get the idea. I didn't spend every day logging into well over 100 servers, fixing things. And we were always patched up to current. If Slack didn't have a package, or if we wanted something different, we managed that ourselves. As I recall, that list was 3 things. Apache, Sendmail, and OpenSSH. Those three were customized for our purposes.

Re:Update & security responsiveness

[Red+Storm]

Before I came to Red Hat I had a similar opinion. When I worked in Silicon Valley I thought "Why would anyone want to pay for Red Hat, I can't afford it so that means it's expensive." However after being at Red Hat for over a year my opinion has changed, and that has been because of some things I have witnessed.

Support is one of the first things people think about, however there is a little more than meets the eye here. Let's start with the packages. Let's say there's a major exploit in SSHd, you will likely see a fix from Red Hat within a few days, which will then be available via RHN. The source to the rpm will also be available at ftp.redhat.com due to the GPL obligations. (More on the GPL and RH later.) At this point in time RH customers have the patch available, in this fictitious scenario let's say it took RH 3 days to release the patch from time of exploit publication. CentOS users still don't have the fix, plus CentOS operates somewhat as a "Black Box." You will get the fix when they get around to it, let's say that takes two weeks before it's released (Could be more could be less). That means your systems are vulnerable for about two weeks, in some shops that's an acceptable risk, in other places it's not.
* Support from people is the other thing that people think about. Have you ever had to call RH support? If yes have you ever talked with an idiot? In the many times I have called RH support I have not dealt with anyone who I felt was sub-standard. Most often the problem I have seen is when the clients I'm working with do not present RH support with the information required in a timely manner. When the answers come back they often link to other knowledge base articles and have clear steps to either solve the problem or to better understand some of the complexities. When a solution is found and there is not a KBase article I understand (I may have heard wrong here) that there is an obligation to write a KBase article. I know that tickets are reviewed after they are closed. One ticket I opened regarding Satellite for a customer is getting discussion amongst the Satellite developers about how to best handle the same scenario in the future.
* Support from Articles, this I feel is a real hidden Gem of RH. Nobody knows about it until you have a subscription, and then everyone is so used to using Google for their answers they forget to start here first. The KBase articles from RH are phenomenal! I had a customer ask me how to rebuild the RH ISO image to include their own KS script. I could Google and find 10 articles talking about much of what I'm looking for or search the KBase and find one article that has every step needed for modifying a RHEL disk to have the KS script on the disk.
* Training. Having been through a few RH training classes I can say they are all very good. Yes there are some areas where I have questioned the need to know some things, but that is normal, but I'm never left feeling like the class was a waste. I have always walked out having learned many things which I can use later.
* Consulting. Yes there are many open source consultants who can come onsite and help implement a solution or fix something, however how many of them have access to the people who wrote the Distro or maintain the upstream project? RH has an internal list just for technical questions, many of the engineers are on this list and very technical answers are delieverd. Often SAs (Solutions Architects) and Consultants will post questions their clients have asked. I have yet to see a response of "Why would you want to do that?" or "RTFM."
* Additional products. Red Hat takes upstream projects and repackages them to integrate tightly with RH. Satellite is one example, it comes from Spacewalk and is designed to help keep internal systems up to date and patched according to their channel assignment. Could you use Spacewalk to manage your CentOS machines, yes you can! However let's say you have a problem getting Spacewlak to work right, or there's a bug, what kind of support

Re:Update & security responsiveness

[rwa2]

By and large the CentOS team do an excellent job with the distribution - but it's a volunteer effort and there have been some notable times lately when important or security updates which have been shipped by Red Hat run late with CentOS, sometimes by a considerable amount of time.

You could also use Scientific Linux instead of CentOS. SL has the backing of CERN behind it, and as a result it has been much more responsive to that sort of thing. SL 6.0 and 6.1 came out much sooner than the CentOS team could port (hell, I think we're still waiting for CentOS 6.1). SL is pretty much otherwise identical in spirit to CentOS... pretty much a white-box clone of RHEL. Sure there are a few minor improvements. And there's a LiveCD!

CentOS itself was apparently launched by a diskless clustering company, which has since started primarily developing on Debian. So I kinda anticipate SL becoming the premier RHEL clone.

Most places I've worked for would develop on CentOS, then swing for the RHEL license when they deploy to clients (probably so they can bill it and markup a "handling fee").

There is a movement to migrate everything to RHEL for security reasons (mainly so you have someone else to blame if your server gets hacked for any reason, I suppose if you're running CentOS you basically might have to suck up the blame).

I would like to support Redhat financially, but I'm more of a Debian guy, and the RHN is more or less broken on the RHEL6 licensed VM that work bought for me due to some certificate error :-P

Still not Windows

You are lucky your CIO is not wedded to Windows. Stop complaining.

Give Em A Call

[Frosty+Piss]

Give Red Hat a call. Seriously, if their sales department can't justify it for you, it's not justified.

Re:Give Em A Call

[King_TJ]

Fair answer... but I'd say truthfully, the SALES department isn't really the group you want to rely on if you need an honest answer. It's their job to maximize sales, so you can expect them to sugar-coat a lot of things and exaggerate the usefulness and capabilities of whatever they're hawking.

They're not bad if YOU already know you want the product and want some more ideas to make a good case for it. But what I'm seeing here is a guy who seems concerned that businesses the size of the one he's in are "supposed" to be buying Red Hat to help support the project, yet they're opting out because they feel they can get by fine with a free alternative that wasn't necessarily made available with intentions of companies like his using it to bypass paying for Red Hat.

To that, I'd say -- no, Red Hat is a commercial business like any other. They're not a charity. The CIO may be the smart one here. I haven't had to work with Red Hat support before, but my workplace pays a lot of money out in support contracts that generally get very little real use. I think they pay for them primarily as a form of insurance, out of FEAR of what might go wrong in the future. Regardless, if I looked back for the last 5-6 years at all the maintenance/support agreements we own and tried to actually cost justify them based on incidents where we used them? Wow ... that would easily average out to several thousands dollars for each hour of time spent on the phone for support!

Re:Give Em A Call

[k8to]

A salesperson who does not bend the truth is far and away the exception. Good on you. But more good on your employer who doesn't structure your pay to essentially require you to compete with your colleagues (on a quarter by quarter basis, not over time) who all DO bend it. Because if they did, you'd get let go if you fell behind, so you'd be similarly dishonest or let go. That's how the vast majority of sales organizations are structured.

What does support mean?

[TheRaven64]

If you can't answer the question 'what does the support buy you?', then you can't answer this. Most of the time, when people talk about support at the enterprise level they mean adding features and fixing bugs that are important to the company paying the bills. Do you have the expertise in-house to do this? If so, then there is no advantage in Red Hat over CentOS (unless it means you can make some of your in-house people redundant). If not, then it has some value. If you can do it all in house, then do: that's the main economic advantage of Free Software, that you always have competition when it comes to providing support, you never have one vendor that is the only one that can fix the bugs that you care about.

If you can do it in house, then don't try to persuade your boss to let you pay Red Hat, persuade him to let you send any fixes or enhancements that your team makes to the relevant upstream projects. This is likely to be much more valuable to those projects than your handing over a pile of money to a third party.

Re:What does support mean?

[Kjella]

If you can't answer the question 'what does the support buy you?', then you can't answer this. Most of the time, when people talk about support at the enterprise level they mean adding features and fixing bugs that are important to the company paying the bills. Do you have the expertise in-house to do this? If so, then there is no advantage in Red Hat over CentOS (unless it means you can make some of your in-house people redundant).

The real question is: Have you ever used your fire insurance? If no, do you think it would be a good idea to drop it? I'd call it excessive if you used it even once a decade. Most companies I know really have support because they can't afford to have a big staff waiting around for shit to hit the fan, but if shit hits the fan they can't afford extended downtime. What if your main man is on vacation or hospitalized or just left the company? The minor features and bugs that get fixed might be perks but that's not really why they're paying. And that's why the CIO's suggestion might work fine this year. And next year. And the year after that. But when your production server just keeps crashing and the backups just keep crashing because it's hit some ugly condition and you need people that really know the system and you need them right now, that's when you want support. But it's rather hard to argue with a man that think lightning never strikes.

CIO may be reasonably well informed

[perpenso]

You are lucky your CIO is not wedded to Windows. Stop complaining.

Not only that the CIO seems to know that Linux has various distributions serving different needs and knows of CentOS' relationship to RHEL. Not being a Windows only guy is great, but knowing that Linux is not a singular unix-like operating system is even better. There is actually no real evidence that the CIO is making an ill informed decision. He may be of the opinion that it is, or should be, within the IT department's capabilities to support these systems. More so if the systems are for internal use, less so if they are accessible by the public.

Linux is free if you have a brain.

[khasim]

Since ANY system you use will require that you learn SOMETHING about it your title is misleading.

The scenarios are:
1. Your people can already handle the task
2. Your people need to learn more and do so without additional expenses
3. Your people need to learn more and do so with additional expenses
4. Your people need to learn more and do NOT do so
5. You outsource the project and dump the scenarios onto the outsourcing company.

It doesn't matter which platform you choose. So Linux is still free (and Free like speech) as long as you have a brain and can learn.

Support = you

[vlm]

The only thing it lacks is support

That's you, right?

Its a whole different ballgame if the boss is willing to hire someone who happens to be a dev for the OS.

That is roughly the position I operate in since 1997, but in a Debian world.

CentOS have been lagging on updates lately ...

[Paska]

CentOS's release schedule has been really struggling recently. Release 6 was almost edging a 250 day delay over Red Hat.

CentOS have still to announce an official date for 6.1 to be released, which Red Hat released back on May 19th. There is a lot of uncertainty regarding CentOS releases and as such in my opinion makes CentOS not the ideal choice for the enterprise.

Other advantages are Red Hat's support services and the Red Hat Network (RHN) are second to none. RHN alone is what convinced us to pony up money for licenses.

The gist of the advantages are: better support, quicker updates/security fixes, easier and centralised management of multiple servers with the only disadvantage being a price tag.

...the whistle you don't blow

[rbrander]

Are you kidding? This is *perfect*. Complain three times in meetings with as many witnesses as possible that "this exposes us to risk of downtime and high support costs", and be sure to end with "...this is your call, but its against my professional advice". Have that minuted.

Then, if the "train jumps the track", it won' be you who catches hell. You'll get your RH soon enough.

And it's *perfect*, because, like a military man asking for $800B next year instead of $700B, you come across as money-hungry, but honestly so, in service of doing your job well. No special approbation will attach. So, you don't lose significantly in the event that all goes swimmingly for many years on end, and you look prescient and wise if anything goes bad.

Re:Support and Release Schedule

[innocent_white_lamb]

There are good and valid reasons why Centos is currently falling behind RHEL in doing updates. Red Hat is making it more difficult for Centos to keep up. This may not be intended to target Centos, but rather Oracle who has been using Red Hat's own work to sell a competing tech support service.

However, Centos gets caught in the crossfire. This email from Johnny Hughes lays out some of the issues that Centos now has to deal with that were never an issue before.

Here is what he has to say:

QUOTE:
Yes, and NOW the release process is MUCH harder.

Red Hat used to have an AS release that contained everything ... we build that and we get everything. Nice and simple. Build all the packages, look at it against the AS iso set ... done. Two weeks was about as long as it took.

Now, for version 6, they have:

Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Workstation FasTrack (v. 6)
Red Hat Enterprise Linux Server FasTrack (v. 6)
Red Hat Enterprise Linux Desktop FasTrack (v. 6)
Red Hat Enterprise Linux Scalable File System (v. 6)
Red Hat Enterprise Linux Resilient Storage (v. 6)
Red Hat Enterprise Linux Load Balancer (v. 6)
Red Hat Enterprise Linux HPC Node FasTrack (v. 6)
Red Hat Enterprise Linux High Performance Network (v. 6)
Red Hat Enterprise Virtualization

They have the same install groups with different packages based on the above groupings, so we have to do some kind of custom generation of the comps files to things work.

They have created an optional channel in several of those groupings that is only accessible via RHN and they do not put those RPMS on any ISOs ... and they have completely changed their "Authorized Use Policy" so that we can NOT login to RHN and use anything that is not on a public
FTP server or on an ISO set ... effectively cutting us off from the ability to check anything on the optional channel.

Now we have to engineer a compilation of all those groupings, we have to figure out what parts of the optional channels go at the point release and which ones do not (the ones that are upgrades). Sometimes the only way to tell is when something does not build correctly and you have reverse an optional package to a previous version for the build, etc.

We have to use anaconda to build our ISOs and upstream is using "something else" to build theirs .. so anaconda NEVER works anymore out of the box. We get ISOs (or usb images) that do not work and have to basically redesign anaconda.

We can't look at upstream build logs, we can't get all the binary RPMs for testing and be within the Terms of Service.

And with the new release, it seems that they have purposely broken the rpmmacros, and do not care to fix it:

https://bugzilla.redhat.com/show_bug.cgi?id=743229

So, trust me, it is MUCH more complicated now than it was with previous releases to build.

With the 5.7 release, there were several SRPMS that did not make it to the public FTP server without much prompting from us. And with the Authorized Use Policy, I can not just go to RHN and grab that SRPM and use it. If it is not public, we can no longer release it.

So, the short answer is, it now takes longer.
END OF QUOTE

Re:Linux is free if your time is worthless.

[chrb]

"Linux is free if your time is worthless".

This is possibly one of the most useless quotes ever. Does it take zero time to build and deploy a solution on Windows? No. Does it take zero time to build and deploy a solution on any other platform? No. Building and deploying a solution on any platform takes time. So what is the point of this quote? If it is to state that building and deploying software takes time, then it is stating the obvious, and needlessly singles out one platform, when the principle applies to all. If the point of the quote is to suggest that Linux based solutions require more time than those of other systems, then the evidence suggests otherwise, as studies have shown that the average Linux admin is able to support a greater number of servers than a similarly qualified Windows admin.

Linux is free. You can download it for free. You can run it on as many servers, with as many CPUs and users as you want, and you don't have to pay anything to anybody. That is what free (in this context) means: "Free: Without cost or payment." Nobody ever claimed that by choosing Linux you would have no work to do - that somehow, amazingly, your servers and systems would get built and deployed by magical Linux elves, who do your job for free. It's an absolute strawman argument.

Re:He's unlucky his CIO's a fool then

[AdamWill]

Just a very short refutation:

counting numbers of security advisories issued for a product is an entirely useless metric when it's up to the creator of the product under what circumstances to issue an advisory. Red Hat could stop issuing security advisories for anything tomorrow, and by your metric, it would then be the Most Secure Thing Ever.

By counting advisories and then ranking on the basis that more advisories = less security you're essentially punishing good behaviour. It's not a _good_ thing to encourage companies to stop telling you about security issues.

Re:Linux is free if your time is worthless.

[MattW]

His point is that the cost of a RHEL license is only a tiny component of the TCO of a server. After that, if anything goes wrong, then the question is: is the price you pay for RHEL support less than the time it would take you to handle it yourself? Also, as someone else pointed out, RHN adds configuration management and faster patches. Time to set up some other system to management system configs; time to repair or replace hacked boxes because a centos patch was too slow... In the grand scheme of things, those may not be worth it. For example, in a fully-loaded 12-core system being used for virtualization hosting with a 4:1 cpu overcommit, RHEL only costs $.0019 per vm-hour.

Also, long term support is a big deal in enterprises. A lot of times large enterprise projects are built over the course of years. Having Red Hat means that when some change to a piece of hardware firmware causes some inexplicable OS crash 5 years after deploying. It may be very specific to your environment and your hardware and software. You can call up Red Hat, and if it hasn't been fixed, they will go in and fix the source code in order to fix it for you. There are cases where the systems and their function is worth hundreds of thousands or millions of dollars; having Red Hat able to "stand behind" Linux is worth paying for, for some people.