Page 1 of 1

CentOS and redhat

Posted: 2015/08/17 01:59:43
by m1xed0s
Other than branding and commercial support, is centOS the same as redhat? Do they have the same release cycle, security patches and stability? I thought I know the answers but after I started looking for a server OS for datacenter.

If Ubuntu server edition, openSUSE and centOS are in front of you, which one u choose as general server OS for datacenter? And why?

Re: CentOS and redhat

Posted: 2015/08/17 08:21:23
by TrevorH
CentOS takes the SRPM (or what Redhat commit to for CentOS 7) and removes the RH trademarks and rebuilds them as-is. Any packages that are changed have .centos. in their names. For individual updates the aim is to release them within a few hours of the upstream fix being released, for larger updates like a point release (e.g. 6.7) the release takes longer but the updates are put into the "CR" yum repository as soon as possible so you don't have to wait for the iso images to be built and tested. If you look at the wikipedia article about CentOS then it has a table of the various point releases and how long they took. That table distorts the stats a little since it takes no account of the CR repo - the updates for 6.7 for example were in CR within 2 or 3 days though it took about 2 weeks to get the isos out.

Pointless asking which O/S you'd prefer on a CentOS specific forum since we're mostly a bit biased.

Re: CentOS and redhat

Posted: 2015/08/17 11:40:03
by m1xed0s
TrevorH wrote: ...
Pointless asking which O/S you'd prefer on a CentOS specific forum since we're mostly a bit biased.
You are straight...but thanks for the info. :D I am heading to reddit for the posting...

Re: CentOS and redhat

Posted: 2015/08/17 19:54:08
by aks
Redhat has the stance of absolute stability in both kernel and userland A[B|P]I across relases. So does CentOS. RH spends a shed load of time and money to ensure this (and CentOS benefits as well). Every RH/CentOS release is "guaranteed" (if you're paying the $$$$$) for X amount of time. Ubuntu does not, nor does Debian. Debian is more a kin to Fedora and Ubuntu is more somewhere in-between.
It depends on what you need. RH back ports fixes in a manner that they won't break something upstream. SuSE does do this too, but only on SLES.

Re: CentOS and redhat

Posted: 2015/12/26 14:40:11
by linuxnewb
CentOS or RHEL will both bring you the greatest server stability. Other distros will bring you the latest and greatest bells and whistles. For web servers I always use CentOS.

Re: CentOS and redhat

Posted: 2016/02/12 19:22:13
by lm-adc
Fellow Linux users:

If you use any version of Linux, especially pay versions, you will ask or you boss will ask you, these question(s) "Can we save some money using CentOS vs Red Hat (RHEL)?", "Are/Aren't they the same thing?", " Will it (CentOS) work in our environment?" and many other questions.

My boss has asked me to research such things. I have searched and researched. I haven't seen a fact anywhere, what I have found is a lot of conjecture, consultant speak, etc.

Realistly, the boss wants to know, "What is the Cost vs Risk?"

I was recently speaking with two Red Hat employees (over licensing) and explained to them my dilemma. I asked them what was their take and if they had anything on "Red Hat vs CentOS". I was sent over a presentation titled "The Red Hat Enterprise Linux advantage over CentOS in your enterprise" My boss upon reviewing the presentation stated "that is very biased toward RHEL" I asked and I was told by the Red Hat employees "This was the current presentation, even with some of the link dates were 2012 and it was in the public domain and I could post it here." I'm not going to post the entire presentation here, it is very long.

However, this is why I am posting this here. I want the biased CentOS side to some of the statements from the presentation. I'm going to ask that you begin by stating your affiliation with CentOS (developer, user, employee, etc.) and how long. Then, let me have your bias and response to the statements and questions below.

RH statement #1:

CentOS is not Red Hat Enterprise Linux

While CentOS may be derived from RHEL sources...
CentOS does not include ALL Red Hat Enterprise Linux source code
CentOS includes packages and capabilities not found in RHEL
CentOS is built and tested in a completely different environment than Red Hat Enterprise Linux
CentOS has not achieved any government security certifications
Major hardware and software vendors do not certify CentOS for use with their products

Question(s) #1: Well, is CentOS the same? Red Hat states it is not.

RH statement #2:

The CentOS project is not a company
The CentOS project provides no legal warranties, guarantees, or indemnification to their users
The CentOS project has no formal support relationship with Red Hat
Updates and patches for CentOS lag behind Red Hat Enterprise Linux
CentOS project only supplies updates and patches for the latest versions of the OS – no Extended Update Support or Extended Lifecycle Support

Question #2: Is CentOS a company? Who or what is responsible/liable when you have no company behind the product?

RH statement #3:

CentOS is not a certified or supported virtualization host or guest for Red Hat Enterprise Linux
CentOS is not a certified or supported platform for many enterprise applications or databases (e.g., SAS, SAP, OracleDB, OracleMiddleware)
Red Hat has a contract with Oracle to redistribute Oracle Java SE binaries (including the JDK and JRE) and to support those products as part of a RHEL subscriptions.
CentOS does not ship Oracle Java SE; CentOS users who wish to use Oracle Java SE must download and install it directly from Oracle.
CentOS user who would like to have commercial support for Oracle Java SE have to purchase a separate support agreement from Oracle
Oracle does not recognize CentOS as a certified platform for Java SE

Question #3: What if...your application suddenly doesn't run or perform well? What if...your application won't run on your new hardware? Can CentOS help solve these?

I found this current issue: viewtopic.php?f=47&t=56402
and many others unanswered in the forum.

RH Statement #4:

Security CVEs are issued for Red Hat Enterprise Linux, not CentOS
Applying CVEs to Red Hat Enterprise Linux is an automated process
Identifying which CVEs correspond to the appropriate Red Hat Enterprise Linux security patch and ensuring they are applied properly becomes a manual process with CentOS

A few words from CentOS on CVEs

“...CentOS does NOT usually do any verification with respect to CVE issues. We build what Red Hat releases when they release it. Their security and engineering teams are the ones that research the problem, develop a plan, write code, build the new packages and test to verify that:
1) There was a problem that needs fixing.
2) The fix proposed actually fixes the vulnerability (in RHEL).
We then grab the released code after Red Hat publicly releases it and build it for CentOS.
What does this mean for CentOS users ... it means that YOU are responsible to test that there is no longer an issue in YOUR environment after you do the install. If you want a CERTIFIED fix that has been tested, that is what Red Hat provides in RHEL. The reason they charge a subscription price is because they do all this testing and they provide assurance that the issues are known, fixed, tested, and certified as mitigated. “
- Johnny Hughes, CentOS project team member ... 43094.html

Question #4: What if... a security vulnerability is discovered in your OS?
Scenario: "A dangerous security vulnerability in CentOS is posted to the web"
Do I have my IT staff research a workaround to secure my systems until a patch becomes available?
Do I have my IT staff research and generate their own patch and maintain it?

I asked for information about you earlier, As for myself, I have been using some version of unix since the late 70's, versions include BSD, Xenix, SCO, AIX, HP-UX, Linux (many flavors). I have been at my current company for close to 19 years, various positions. Currently, I use mostly RHEL 6, about 150+ installations with some CentOS, Ubuntu and Linux based appliance.

I appreciate any responses that I receive, apologize for any typos or grammar mistakes and would like to Thank you in advance for your time.

One with Questions!


Re: CentOS and redhat

Posted: 2016/02/13 11:42:46
by aks
I didn't read the entire posting, but if your OS choice is critical to your business and you want somebody to sue or sort out a specific problem for you when things go wrong, buy RHEL - that's a large part of what you're paying for.

Re: CentOS and redhat

Posted: 2016/02/13 13:57:25
by owl102
lm-adc wrote:My boss upon reviewing the presentation stated "that is very biased toward RHEL"
What does your boss expect? RHEL costs money. CentOS is for free. This is the only benefit of CentOS over RHEL. What other benefits of CentOS over RHEL does he expect for free? :roll:

Re: CentOS and redhat

Posted: 2016/02/13 14:11:12
by TrevorH
It's pretty simple really: CentOS takes RHEL source packages and rebuilds them. They come from the same source that the RHEL packages come from. They are rebuilt in an automated way as soon as the source packages hit the ftp or git sites and the resulting binary packages are then installed and some minor testing done to make sure that they function correctly. If they pass that test then they are signed and pushed to the mirrors and are made available to everyone. CentOS offers those packages up for nothing and you have no warranty or support. If the lack of those two things bothers you then pay for a RHEL subscription. If they don't then don't.

Re: CentOS and redhat

Posted: 2016/03/18 04:30:51
by russfink
Even though my company has a RHEL license, I use CentOS because I'm going to encounter problems that tech support can't solve anyway, so why incur the endless RHEL spam that comes with registering a license. Hint: "unsubscribe" does not work.

Aside from that, CentOS "is not" RedHat, but it is close enough to give the benefits that the typical RHEL user looks for: decent features without the crazy random upgrades from Fedora or the Compiz highjinks from Debian or the Mark Shuttleworth "let me sell your searches" baloney from Ubuntu or the do it yourself Dante Install Inferno from Arch, Gentoo, or Slackware. Basically, CentOSians from what I can tell don't want to live on the edge, they want something that basically works that has a decent package manager and automatic updates. And is free. Of course.

Just my two cents.