CentOS 5.6 Finally Arrives: Is It Suitable for Business Use?

CentOS bills itself as an alternative to RHEL or Novell's SUSE Linux Enterprise Server, but can you trust it to run your business?

The CentOS project released CentOS 5.6 on Friday, April 8, a mere five days short of three months since Red Hat released Red Hat Enterprise Linux 5.6. Meanwhile, CentOS 5.x users have been without security updates, and CentOS 6 probably won’t roll in until RHEL 6 hits the six-month mark. Can the CentOS project be relied on for anything but hobby usage?

Once upon a time, the CentOS project looked like a great alternative to RHEL or Novell’s SUSE Linux Enterprise Server for small companies or organizations that had little money to pay subscription fees. Binary compatibility with RHEL but a small lag in updates and no support — not a bad deal for cash-strapped organizations and users who want to be familiar with RHEL but don’t want to shell out upwards of $350 a year just for a RHEL subscription.

The project, on its front page, says that it’s “enterprise-class,” and says it has advantages over other “clone projects” thanks to “quickly rebuilt, tested, and QA’ed errata packages” and “developers who are contactable and responsive.” Let’s look at these claims in the light of recent CentOS activity.

Enterprise-class is partially true, as the project takes great pains to be binary compatible with RHEL. So let’s give half points for that one. The other half of “enterprise-class” is that updates arrive in a timely fashion, which is notably false for the 5.x series. If I understand correctly, there have been a handful of updates prior to the release of CentOS 5.6 for the 5.x series — but nothing else. So, if you consider timely updates a requirement for “enterprise-class,” we can count CentOS out now.

The same goes for the claim of “quickly rebuilt… errata packages.” Unless the definition of “quickly” has changed drastically in the last few years, this is out the window.

As for developers who are contactable and responsive — well, you can contact them, and they might even respond. Well, the project leader — Karanbir Singh — didn’t bother responding when I sent him questions a few weeks ago asking what the status was for 6.0 and why it’s taking longer than prior releases. It’s been sort-of addressed on the CentOS list when other people have asked about the release, but I was hoping to get an official response for publication. No dice.

If you read through the developers list, what you see is a very small team of core developers that seem to have very little interest in expanding the crew or having an open project. The team has gotten increasingly defensive as the releases have gotten later and later, though now that 5.6 is out the door I see a little softening and searching for feedback on the part of Singh. But as one poster said “you can’t expect positive feedback and mailbox full of scripts after many weeks of ‘you don’t like it, go aways.’”

In short — the community has good reason to have lost faith in the CentOS team at this point, as the CentOS folks have basically been very poor at communicating with the larger community that depends on them. It doesn’t help to have a member of the CentOS team telling people “CentOS is for the community… it is not BUILT by the community.” (Emphasis mine, caps theirs.)

Nobody Got Fired for Buying IBM: You Might for Deploying CentOS

You know the old saying, “nobody ever got fired for buying IBM”? I don’t know if that’s true or not — seems likely to me that somebody, somewhere may have been fired for buying IBM in its rather lengthy history, but as a rule it’s a good call. And it’s quite likely that people have been laid off to make room in the budget for an IBM purchase, but I digress…

IBM might be pricey, it might not be sexy, but you can count on it. On the other hand, if you’re betting your job on CentOS, and some admins are, you might want to think twice.

Imagine your boss coming into the office after reading about a major vulnerability in the Linux kernel that affects RHEL. Now, imagine explaining to your boss that even though Red Hat patched the vulnerability three weeks ago, you haven’t updated the company’s servers — and you don’t have any idea when you’ll be able to. When will the CentOS team release an update? No idea, and asking on the list just draws flames from the CentOS developers. Can we help? No, go away. Don’t like it, go elsewhere.

Just Volunteers

CentOS is a volunteer project, and the team that runs CentOS can stick to any schedule they want to — or not, as the case may be. But the project does make claims in a roundabout way about its suitability for enterprise use and “quickly built” updates. They might want to see to the language on the site if they wonder why users are getting bent out of shape when updates are months in the making. (The FAQ says “our goal is to have individual RPM packages available on the mirrors within 72 hours of their release” — and they’re quite a ways away from that.)

If CentOS is to remain even remotely relevant, it’s going to need to change the way the project is structured and find a few more volunteers to handle the load. And that’s going to require a change of attitude on behalf of those running the project, and the involvement of more than the core team that CentOS has going for it now.

LWN recently wrote about the long delays and called on consumers of CentOS to step up and pitch in. There’s merit to that if the core developers make it possible to do so. At this point, I hate to use the f-word (not that f-word, I use that quite often…) but it seems to me that it may need a fork or new effort to provide a reliable Red Hat clone that’s totally compatible. I’m aware of Scientific Linux, but they don’t try to be quite a direct clone of RHEL, which is what quite a few people need. (Red Hat could help things by offering a subscription that lets individuals support them at less than $350 a year…)

I’m pretty bummed about the direction that things have taken with CentOS. In the past I’ve recommended it as an alternative to RHEL for companies that are not in a position to dole out big cash for RHEL subscriptions. No longer — I’d sooner suggest that companies take up Debian or Ubuntu Server or scrounge up the cash for the subscription. Not that there’s anything wrong with Debian or Ubuntu LTS Server — but a lot of software is certified and packaged for RHEL that’s not certified for Debian or Ubuntu.

CentOS has been a valuable part of the Linux ecosystem for some time. It’s even been beneficial to Red Hat by helping it maintain its status as the de facto enterprise Linux, without competing too fiercely for support dollars. But the extreme delays in the release of updates for 5.x and the total absence of 6.0 after almost six months give me little confidence in the CentOS project as it’s run today. It’s neither a community project in any real sense, nor suitable for enterprise or even small business use. It doesn’t have to remain that way, but as it stands now it’s not good business sense to rely on the project even if it costs nothing in support fees.

Comments on "CentOS 5.6 Finally Arrives: Is It Suitable for Business Use?"

mariochamorro

I’d like to defend the CentOS project’s characterization as “a very small team of core developers that seem to have very little interest in expanding the crew”. A big concept in Open Source projects is the idea of a Meritocracy. This means that a contributor has to earn their place with the core developers. What little instruction manual exists was enough for those with the chops to become part of the CentOS project. A quick read of the mailing list gives you a URL for bugs and the basic instruction to grab the redhat-logos SRPM and start rebuilding with that.

That said, I do agree that the CentOS delays warrant a review of its use in a business. There was recently a root vulnerability in Exim. We were hacked. Our Red Hat systems were patched, but our CentOS machines stayed wide open. Fortunately, the Red Hat RPMs were compatible with CentOS so we were able to fix the problem, but it was decided that our front line machines could not be CentOS anymore.

When compared with the thousands spent on hardware, data centers and technical salaries, a couple hundred dollars a year doesn’t seem like a big deal for an OS.

Reply
stevewardell

As a user of Red Hat and of CentOS I think you’ve missed some vital parts of the CentOS solution in your text,

Reply
jclambert

If I wanted quick releases, I would use Ubuntu. I want long term solutions that are tested and work in the Enterprise.

Period

Reply
JMMR

What about Scientific Linux (SL), wouldn’t that be another solution for those who want to use a RHEL clone. SL has already released version 6 as well.

Reply
mickrussom

This project has some fairly totalitarian overlords that hide the meat and potatoes on how to cobble together a whitebox distro.

And it’s too bad, as many of the competing whitebox RHEL distros gave their lives to this project, Whitebox, Tao, etc, and now the overlords run it like a bunch of Skeksis brooding over a dark crystal that is cracked and in need of repair.

Reply
    hughesjr

    CentOS is doing nothing any different than they have been for 8 years. It’s not like they have changed the way they do things.

    Reply
znmeb

Yeah, I have to agree – for whatever reasons, the CentOS community has lost their way. I suspect it’s because the majority of “community” Linux people have gone with the corporate-supported community distros – openSUSE, Fedora and Ubuntu. That’s where the action is; that’s where the money is. CentOS is just plain boring – it has to follow RHEL by definition.

I’m curious, though, about Scientific Linux. They at least have some support from their laboratory community and have been able to put out releases and updates.

Reply
    cjcox

    Not all community people are focused on end user/home user scenarios though. Many are interested in the long term support and resources provided by the enterprise distros, primarily Red Hat RHEL and Novell SLES at the moment.

    Boring? Maybe from a pure bleeding edge viewpoint, but business needs something that does not change everyday, something dependable and well supported for many, many years. The consumer distros like Ubuntu, openSUSE, Fedora, etc, make excellent temporary desktops, but you will be forced to upgrade… they are not meant to last for 5+ years of operation, something that corporations are looking for.

    Reply
marian75014

What about “Scientific Linux”? It’s already RHEL 6 compatible…

Reply
hughesjr

CentOS is installed on millions of machines worldwide … have a look at this:

http://w3techs.com/technologies/details/os-linux/all/all

Reply
eoverton

I think that issue is with 5.6+. I would Centos 5.5 was updated within weeks of the Redhat version. I believe the real issue is http://www.linux.com/distrocentral/distronews/415253:red-hats-qobfuscatedq-kernel-source. Therefore making it harder to create the next version. I believe the Overlords of Centos should allow more community help. This pattern will only cause death.

Reply
mmcgreal

If you’re running your business on CentOS you’re stupid. The only time you should be using CentOS on a server is when you don’t need support for those servers. Otherwise, you should be using a commercially supported OS.

CentOS is a project run by volunteers. They’re doing the best they can for free, so why are you being such a jerk?

Reply
    veggen

    Sorry, but “we’re volunteers” is not a be-all end-all argument. If you promise something and then fail to deliver, you can be a volunteer all you want, you still deserve to be called out.

    Reply

    Obviously you have not used or needed an inexpensive enterprise class server. I built a CentOS server for our hosted email server. The server provided email and some FTP and that was essentially all I exposed to the Internet. Most patches and updates I installed were to keep the server “up-to-date” and I was only truly excited when vulnerabilities were for packages that I was actually using. If a vulnerability was discovered and a patch was not directly available in binary form, I would download and build the patch from source. Being able to build from source insulates you from long delays when needed.

    Reply

    You’ve got it in one. Couldn’t have put it better.

    Reply
hugues_talbot

Personally I’m more worried about CentOS than upset or angry. I wonder what is going on. It has been very good for us on a 14-blade compute server for which we could not pony up the up to $4K yearly subscription to RHEL, per blade, that RH is demanding.

We are looking at SL right now.

Reply
johnstetter

Your quotes related to IBM show your perspective. Trying to instill fear into the not-so-technical readers is sketchy, at best. Too many business-type folks running things over @ Linux Magazine these days?

Reply
bigmans

DEBIAN IS VERY STABLE, it’s good for server

Reply
thejonasnet

I’ve been using CentOS as my Primary Domain Controller for my Windows 7 PC’s, also for my web servers, and my Zimbra server it’s a great product!! I really appreciate the hard work from the CentOS team.

Reply
ps_sabu

CentOS is the best. The writer is trying to black wash the product. The release of bugfixes of the distro has followed this pattern for eight years and it is now this author is noticing it. Regarding the small group of volunteers making up the team: they only rebrand the SRPMS.

Reply

Why your link is a 404 for me?

Reply

CentOS is my first choice for operating system solution because the feature of this OS is enough to provide my business needs, I used to use Windows XP but I stopped using it since the cost of maintenance quite big such as firewall, anti virus, etc.

Reply

This system has been doing well, keep it up.

Reply

Isn’t CentOS just a s/RedHat/CentOS/g of the RedHat source code?

Reply