CentOS: Oracle Linux Doesn't Measure Up
The Voice of Experience
Oracle's plans for its own Red Hat Enterprise Linux (RHEL) product, announced last week, follow on the heels of Red Hat derivatives put together by dozens of open source projects, including CentOS, Pie Box, and Startcom Linux. But this week, members of the influential CentOS community voiced strong pessimism over Oracle Linux.
In Q&As with LinuxPlanet, CentOS developers said they think Oracle's inspiration springs from the accomplishments of open source communities. Yet the CentOS community members also took Oracle to task about issues ranging from pricing policies and bug fixes to Oracle's failure to recognize the contributions of volunteers.
"Oracle [has] seen what has been achieved by projects such as CentOS, and [has] effectively copied the idea, as they are entitled to under the GPL," said Lance Davis, one of CentOS's volunteer developers.
"There is evidence that in places Oracle is a rebuild of CentOS, rather than of Red Hat--again as they are entitled [to] under the GPL. [But] it would be polite for Oracle to acknowledge the fact that they are derived from CentOS and make a donation to the project."
Johnny Hughes, a CentOS community member who is now testing the free version of Oracle's Enterprise Linux, told LinuxPlanet that the software is "poorly documented, extremely buggy, and of questionable security hardening."
Like other CentOS members, Hughes is also unhappy about Oracle's intentions to charge users for updates to its code through the Unbreakable Linux program.
CentOS makes both code and support available free of charge, unlike Red Hat, Oracle, and some other RHEL derivatives. Support is provided through the CentOS community via forums, mailing lists, IRC, and postings on the IRC Wiki, Davis said.
"The CentOS volunteers maintain Web sites, mailing lists, [and] a bugzilla issues tracker for themselves and another rebuild effort. [They also] populate several IRC channels 24x7 for no-charge level 1 ad hoc support. They participate in the FOSS (free and open source software) community. Freely," elaborated Russ Herrold, another CentOS developer.
"CentOS is now and will continue to be fully available--including updates--totally free of charge," according to Hughes.
Users can also obtain CentOS support through third-party companies, "many of whom have Red Hat-certified engineers providing the support," Davis said.
Hughes contended that although Oracle's plan might seem like a good deal on the surface, it won't actually turn into a bargain for companies requiring fully supported "enterprise-grade" Linux.
"I think that [the] major difference [between CentOS and Oracle Linux] is that CentOS is committed to properly providing sustained security releases and refresh updates," according to Hughes.
"[The] Oracle Linux release seems to be compelling as an alternative for a low-entry cost approach to a supportable 'Enterprise-grade' Linux solution. [But] the bargain is [really] not so compelling when one realizes that the delivered product--in the free version presently available for review--is poorly documented and of questionable security hardening," he told LinuxPlanet.
"Anyone can spin a rebuild project and hand out free ISOs, [but] adding the registration hurdle and [a] charge of $99/year per machine will create many boxes that don't get updates. This is irresponsible to the efforts of the Linux community to address security matters and may well set up many businesses-- Oracle's target market with this offering--with 'servers getting owned' targets."
In fact, some other projects are also charging their users, according to Davis, who describes CentOS as "the dominant RHEL project."
"Taolinux was a good contender." Taolinux, however, joined CentOS last year. "White Box was initially in the running but is very slow to update. Others include Scientific Linux, Startcom Linux, xOS, [and] Pie Box, most of which offer chargeable upgrades, downloads or support," Davis said, adding that, in his opinion, Scientific Linux "doesn't remain true to 100 percent rebuild."
Yet the CentOS developers don't believe their distribution is for everyone. "CentOS recommends RHEL for users that require [documented] support by their applications," Davis said.
"[But] for users who do not require that certification and full support by the third-party applications, we recommend CentOS." Right now, Hughes doesn't see how Oracle's Linux offering can succeed against RHEL and open source derivatives unless "IBM, HP and Dell--as some as some other major integrators--abandon Red Hat" in favor of the Oracle product.
"But the [Oracle product] I installed for testing [a few days ago] is not that product," he said. "It is extremely buggy."
In the free version of Oracle Linux, for example, urlgrabber is not installed by default, and the kernel is named so that third-party device drivers do not work, according to Hughes.
The CentOS developers also perceive differences between their own documentation and code modification practices and what they expect will emerge from Oracle.
"Oracle already does not externally mark their RPMS [in ways] that are different. So it is not easy to tell that they have changed," said Hughes. In contrast, CentOS "makes [the] changes clear in product naming."
CentOS is an "enterprise-class Linux distribution derived from sources freely provided to the public by a prominent North American enterprise Linux vendor (PNAELV)," according to Davis.
"CentOS conforms fully with the upstream vendor's redistribution policy and aims to be 100 percent binary compatible," Davis said.
"As is the nature of FOSS, many eyes peruse source code and find bugs, and those found by CentOS users find their way upstream, making the distributions more secure and bug free in the future. [But] CentOS is careful to document and minimize any changes made to upstream code," Hughes agreed.
For his part, Herrold detailed the software development processes used by CentOS community members. First, the developers assemble the source RPMs from another PNAELV "and remove all trademarks, etc., to avoid confusion," he said.
"The CentOS volunteers also add some functionality to use the yum package updater tool. [They] then compile the SRPMS and solve build issues. [providing] a proper and complete build environment. They add back in missing developmental libraries [which the] other PNAELV omitted. [They] validate their builds using comparison tools. They sign the binaries with a proper CPG key, to permit safe distribution through the insecure Internet," LinuxPlanet was told.
CentOS also runs a large global-wide mirror system, tracking security and feature enhancements and "promptly issuing updates and advisories," according to Herrold.
Oracle, on the other hand, could run into trouble with forking, if changes to the RHEL code base are not handled well, according to these CentOS developers.
"There are items that have to be changed, related to the way updates are done, and also regarding trademarks, etc. [But] other than that, CentOS is very careful to submit fixes back to the upstream provider and wait for the fixes to trick back down," said Hughes.
"For most issues, we are the same as upstream until they fix them. To do otherwise is causing a fork. A fork can cause issues. That is why CentOS has separate repositories for [things like] CentOSPlus, FastTrack, CSGFs, etc."
To help minimize changes to the Red Hat code base, extras such as PHP5 are maintained as options in the CentOSPlus repository, according to Davis.
"So [a] normal CentOS install is 100 percent identical to upstream, or as near as it can be given required trademark changes," Davis told LinuxPlanet.
"The standards--things like LSB (Linux Standard Base)--can help. However, when the first major change is rolled into Unbreakable Linux that is not in RHEL--and is not accepted into RHEL--there will be a fork," Hughes predicted.
- 1Linux Top 3: Fedora 24, Peppermint 7 and Solus 1.2
- 2Linux Top 3: Alpine Linux 3.4, deepin 15.2 and Linux Lite 3.0
- 3Linux 4.7 Set to Boost Live Patching, Security and Power Management
- 4Linux 4.6 Charred Weasel adds USB 3.1 Support
- 5Linux Top 3: OpenIndiana 2016.04, Ubuntu 16.04 and Debian's New Leader