Features Download
From: Johnny Hughes <johnny-IFYaIzF+flcdnm+yROfE0A <at> public.gmane.org>
Subject: Re: CentOS 7 and release numbering
Newsgroups: gmane.linux.centos.devel
Date: Saturday 7th June 2014 15:32:47 UTC (over 3 years ago)
On 06/07/2014 05:56 AM, Tim Bell wrote:
> A few quick thoughts....
> 1. Does the SIG need a naming convention also, e.g.
> CentOS-7.1407-Cloud-140805
> i.e. the cloud SIG based build done on 5th August 2014 based off the
CentOS 7 tree in July 2014.

That is what we are looking for, a 3rd component for the SIGs, so that
they can (if they need to), delineate something that is different on the
end.  It allows for mix and match as the SIGs see fit.

> 2. The minor release number is not in the naming convention. Is this a
question of length ?
> CentOS-7.0-1407
> I am thinking as we get to beta releases of 7.1, having a mechanism to
name the beta releases independently of the production ones would be

The issue with 7.0, 7.1 or 7.2 versus 7.YYMM is this (I'll use 6.4 and
6.5 and real dates/times in my example):

CentOS has never supported older versions than the current release.  Red
Hat, by default behaves the same way.  As an example .. if you install
CentOS-6.0 or RHEL-6.0 then at install time the ISOs contain similar
versions (ie, the mysql versions and firefox versions offered at the
same, etc.)

If you did this install during the 6.4 time frame, then did an update,
you would get the updates from the 6.4/os tree and the 6.4/updates
tree.  This works the same way for both CentOS and the Default RHEL

The problem that happens is that Red Hat also offers some subscription
services called AUS, EUS, and ELS.  ELS is Extended Lifetime Support
which is something you can purchase after a products End Of Life is
reached (you would need this to get any support or updates for RHEL-4
now). AUS seems to be longer life support for the "minor" branch (the .4
branch in 6.4), so in this subscription you would continue to get
security updates for RHEL-6.4 even though RHEL-6.5 is released).  Then
there is EUS which seems to add a Z stream for 6.4 ... so a 6.4.1 and
6.4.2.  I have no idea what its relationship is to 6.4 AUS ... that is
beyond the scope of this mail and the CentOS project.  (If you want to
understand the nuances of RHEL subscriptions and the extended lifetime
offerings in detail, contact the Red Hat sales team and they will gladly
explain it in all its detail :) )

While we are not experts on what all of these Red Hat extended lifetime
product acronyms mean and provide, they do all relate to the CentOS
Linux distribution in exactly the same way.  Red Hat does not now, nor
have they ever provided those sources to the public, but only to the
specific customers who are in those specific subscriptions.  So, CentOS
has never, and will never release these kinds of updates (unless Red Hat
changes they way they release that source code).

Now to the problem.  A CentOS minor version relates to a point in time
snapshot of the all packages at a specific point in the lifetime of the
major version.  So that means that all 6.4 designates in the CentOS-6
distribution is that the "os/" directory of 6.4 matches the packages on
the installable media that we produced on the date we built it and that
it also matches the versions of software that is at that some point in
time on Red Hat 6.4 ISOs.  So, at the specific point in time, the
distros are similar from a versioning perspective.  All the non extended
lifetime releases will go into our 6.4 updates directory and 6.4/os with
6.4/updates will have package versioning that is the same as the
versions that are represented on this page for a given date range:


(Note: this is using the RHEL "Server" (v. 6) General Advisories .. we
track everything in all the other "v .6" branches as well (Workstation,
Desktop, HPC Node, Resilient Storage,  High Availability, Load Balancer
... and FasTrack for each that have them)

But for explanation, lets just use the server page linked above.  If you
look at that linked page, Red Hat did a release of 6.4 on 2013-02-20 and
they did a release of 6.5 on 2013-11-20.  Our CentOS-6.4 release
includes all versions of software on that page  (our rebuilt software of
course, not Red Hat software) that RH included on their ISOs up to the
release point.  Throughout the lifetime of our CentOS-6.4, all the
updates that happened between those two dates went into our 6.4/updates
directory.  During the lifetime of 6.4, when it is on our main servers,
if you yum update our product or RHEL if you would get similar
versioning of your saftware packaging, etc.  But when RHEL-6.5 happens,
we start a new CentOS-6.5 tree. This is where there is confusion and
what we are really trying to address ... Red Hat still has 6.4 AUS and
6.4.z EUS updates that they do ... and you can look at them here:

AUS:  https://rhn.redhat.com/errata/rhel-server-6.4.aus-errata.html

EUS:  https://rhn.redhat.com/errata/rhel-server-6.4-errata.html

I know this is complicated ... but its important, so bear with me :)

So CentOS-6.4 stopped being supported when we released CentOS-6.5 ... we
moved 6.4 to our vault.  All the updates in the 6.4 channel stopped at
that point and we started doing the new updaes into 6.5 .. our 6.5 "os/"
is what is installable on the ISOs and our 6.5 updates (anything after
2013-11-20) is in the 6.5 "updates/" directory.  But Red Hat still has
not only their "v. 6" channel (which the CentOS versions are based on
and are always up2date), but they also have those other two 6.4 channels
(AUS an EUS).

Lets look at a security update ... the important OpenSSL one from
2014-06-05 ... if you look on the "rhel-server-6" above, it says this is
the update that fixes the issue:

That is version "openssl-1.0.1e-16.el6_5.14.src.rpm" ... Red Hat
released that publicly, CentOS grabbed it, built it and put it in our
6.5 tree in the updates directory. If you are on our 6/ or 6.5/ tree,
you got the update and all is well.  If you are instead running
CentOS-6.4 .. all is not well.  You will never get that update.  But,
Red Hat has those other subscriptions ... AUS and EUS .. and those have
this for 6.4:

On that page, there are these available for 6.4:

AUS:  openssl-1.0.0-27.el6_4.4.src.rpm
EUS:  openssl-1.0.0-27.el6_4.4.src.rpm

(in this case the same package)

But, Red Hat only gives out that package and its sources to customers
that are in one of those "extended" subscription plans ... so therefore
CentOS does not build that and we do not update our 6.4 directory on
vault for this problem.

So, one major thing that the CentOS Project is trying to convey with
this version number change recommendation is that CentOS is really
Version 6 ... NOT version 6.4 and 6.5 ... and that we have snapshots in
time of our tree to add newer hardware and software to the installer. 
But the only supported version of CentOS-6 is ever "the latest".  We
have said this many times, its in FAQs, on the mailing lists, etc. 
Regardless, people still think they can get security updates out of band
(ie, 6.5 updates with 6.4 installed).  We think that making the "Point
In Time" (in this case, Date in the form of YYMM, since we will never
have 2 releases in the same month) be the minor release number, instead
of the RHEL minor version number, helps convey this concept and much
better serves our users.

In my above example, if we were using the newly proposed numbering
system, Red Hat would have 6.5, 6.4, 6.5 AUS, 6.5.z EUS, 6.4 AUS, 6.4.z
EUS.  There could be as many as 5 packages that would address the fix. 
CentOS on the other hand would have two releases ... 6.1302 and 6.1311
... if your release is older than a year (normally even older than 9
months) then it is easy to tell (Feb 2013 is too old .. am I on the
supported release).  You can easily see that you are running a non
supported tree.  Also, 6.1311 would be the 5th listed version released,
so if you were looking at a list, it would be number 5 on the list ..
also traceable that way.  But with the other Red Hat 6.4 offerings, we
think that only causes confusion for CentOS users and we don't want that.

We think this system conveys exactly what we want to project with our
versioning system. For CentOS-6 the releases would have been:

0.  CentOS-6.1011
1.  CentOS-6.1105
2.  CentOS-6.1112
3.  CentOS-6.1206
4.  CentOS-6.1302
5.  CentOS-6.1311

As you can see, the minor numbers also match in the list (6.3 matches
6.1206) ... it's very easy to see that there are 6, 7, 7,  8, and 9
months between releases, etc.

CD: 4ms