CentOS Project Administrator Goes AWOL 492
An anonymous reader writes "Lance Davis, the main project administrator for CentOS, a popular free 'rebuild' of Red Hat's Enterprise Linux, appears to have gone AWOL. In an open letter from his fellow CentOS developers, they describe the precarious situation the project has been put in. There have been attempts to contact him for some time now, as he's the sole administrator for the centos.org domain, the IRC channels, and apparently, CentOS funds. One can only hope that Lance gets in contact with them and gets things sorted out."
Let's just hope for the best (Score:5, Interesting)
This kind of thing really scares me, because this is exactly what it happens when someone dies, for example: the data/information stream coming from them on the web simply ceases to exist. Also, this is one of the main reasons why important projects should have their main assets handled by a group of people, and not have things centralized. If the worst has happened, CentOS will be forced to fork their project and start over.
But let's just hope I'm spewing bullshit and he's just pissed off.
Re:Peace (Score:5, Interesting)
Somewhat concerning, considering the number of CentOS servers I have in the wild.
I'd suggest disabling yum updates on your CentOS boxes until this gets sorted out. Might want to do updates by rebuilding src rpms directly from Redhat.
Just the fact they even have to address an issue like this makes me nervous.
I was already worried about CentOS/RHEL (Score:2, Interesting)
My first server was a boxed copy of Red Hat 5.2 that I bought for $300. It has the export-restricted SSL (pre-Clinton liberalization of encryption).
Around Fedora Core 3 I switched to CentOS for my servers.
However, I've been worried about how out-of-date CentOS currently is, basically a snapshot of FC6.
Yum keeps a box up-to-date with security back-patched code that is 2 or 3 versions out of date. Try to get a F4180 printer to work under the old CUPS. Try it.
So guys like me use CentOS but then in order to have the most recent versions of MySQL and PHP, we compile everything from source. This is a problem because we then only patch for security every 6 months or when we think of it (or when there's a big scary headline on Slashdot).
After switching my laptop to ubuntu, I discovered that the environment is now as deep as I need it to be. I was able to replicate my entire environment, including email and dns, on ubuntu, either with source or with apt-get .deb files.
So although I grew up a Red Hat man, I'm forced to consder Ubuntu for the next server. More worrying, when I ran the idea by my colleaugues they were open to the idea.
So get your whois registration and bank account sorted out, by all means.
And then hope that Red Hat releases a version of RHEL RSN based on Fedora 11.
Re:Excellent example.... (Score:1, Interesting)
CentosOS will never die. Ultimately I will fork it and continue it. That's the guarantee you have for good projects.
I don't think you understand what CentOS is about. The idea is that it mirrors the exact same source code contained in various Red Hat distributions, made available with free "community" support instead of expensive paid support from RHT. A fork would be devastating because customers wouldn't have the same confidence that the code was as thoroughly vetted as a Red Hat release.
Not the first time... (Score:4, Interesting)
One of the other key developers, Karanbir Singh, disappeared (albeit for a very legit reason...he got married and had the gall to go on a honeymoon ) at a very inconvenient time during which a version update was to be released earlier this year. The remaining developers either wouldn't or couldn't complete the process in his absence....the end result being a significant delay in the CentOS 5.2-->5.3 upgrade process.
I have been an active user of CentOS since version 3 (back in 2004) and it would really pain me to see such a great project fall on hard times or disband/fork. Enough of my production machines are running on CentOS that this latest strangeness has got me seriously evaluating Ubuntu's server product for low budget applications and convincing other deeper pocketed clients to consider reverting back to RHEL.
Here's hoping they manage to sort things out and come up with a more evenly distributed model for project responsibility.
Re:Let's just hope for the best (Score:3, Interesting)
Actually- it's concerning... but not a crisis.
Some of my boxes have data continuity from RH 7-9, then Whitebox Linux, to CentOS 3-4-5.
The pain is in the migration. The joy is in the freedom.
If CentOS bellies up I have enough boxes to justify maintaining myself from source rpms, or moving to another RHE based distro. It's always a pain. But I bet I got 8 years of functionality from Whitebox/CentOS. A pretty good deal.
Re:Not the first time... (Score:5, Interesting)
Ubuntu Server?
No offense to the Ubuntu team intended (or to you) but that's not exactly a hardened OS with the kind of long term support one needs in a data center.
If low budget to you is a simple LAMP stack- then maybe. But no one has been beating up on Ubuntu server- and it really needs professional QA before anyone tries to use it for more than a novelty.
The logical alternative for new deployments would be Debian, if you wanted to dump RPM based systems.
Re:Not the first time... (Score:1, Interesting)
The remaining developers either wouldn't or couldn't complete the process in his absence....the end result being a significant delay in the CentOS 5.2-->5.3 upgrade process.
Adding to this point, the result was a significant period of time where CentOS wasn't receiving any security updates. And since CentOS is primarily just a recompiled and rebranded version of Red Hat's Enterprise Linux, an attacker could use the Red Hat security advisories as a roadmap of the holes in even the most up-to-date CentOS system.
I don't recall off-hand exactly how long that period of no updates was, but I think it was at least a month. It was a pretty shocking failure at project management.
So go take over. (Score:4, Interesting)
You mean that of all the 'geeks' that are working on this 'project', no one can take over the IRC channel and domain name? Its pretty trivial to do both, even today, with all the 'safe gaurds' in place. I haven't tried to steal a bank account but that seems pretty trivial as well.
So tell me exactly why this is a problem for a bunch of geeks?
Re:Eggs. Basket. (Score:3, Interesting)
One of the consultants I worked with always thought "hit-by-a-bus" was too negative. So she always asked what the company would do if Joe Overworked won the lottery. (sheeyah... the BUS lottery)
Other way more likely scenarios;
Joe takes another job, takes a vacation to avoid burnout, gets sick - job stress lowering his immune system and all...
Re:Not the first time... (Score:5, Interesting)
Ubuntu has slowly made it's way to the data center over the last couple years and it's doing quite well. Typically admins will use the LTS versions which are supported for 5 years. You can also upgrade directly from one LTS version to the next LTS when it comes out, no need to hit any of the minor version in between.
Ubuntu is seeing HEAVY use in virtualized environments, like Amazon EC2, and since it's built off of Debian it inherits much of that distribution's stability and polish.
I've been a professional Linux admin for 15 years, have run everything from Red Hat, Cent OS, Gentoo to Debian in the data center and definitely think Ubuntu Server has its spot in the data center as well.
Re:Peace (Score:2, Interesting)
Re:Wait a little more (Score:4, Interesting)
I do the same but I let people know. Plus I have a cool device that let's me hit a button and it sends an email...
"I'm ok, I am at XX.XXXXX YY.YYYYYY"
I carry it to keep people I know calm, plus it has two other buttons..
1 sends "I am physically ok but need some assistance or to be picked up at xx.xxxx yy.yyyy"
the other sends a regular emergency beacon of "I am in need of help right now. Consider this a 911 emergency call, I am at xx.xxxx yy.yyyyy"
it sends to a list of email addresses and has coverage wherever it can see the sky.
its a SPOT personal GPS from http://www.findmespot.com/en/ [findmespot.com]
works great, I dont get bugged and I can call for help/ calm the easily freaked out people in my life.
Re:Is This Bus Syndrome? (Score:5, Interesting)
I totally agree with the "bus syndrome" thinking. At one company I was at for many years, the boss had that concern. I was the senior SysAdmin, who created and managed the entire IT infrastructure. To alleviate it, everything was documented. A copy of the passwords were kept under lock and key. Server functions were well documented. My assistant(s) (depending on the year I had 1 to 4) could continue smooth operations without me.
Keeping the "bus syndrome" mentality, should I be unavailable for a day or days, there were no problems. I could fly between cities to do work, and not panic that the whole world was going to fall apart while I was on a plane. I still got plenty of phone calls, simply because it was my baby. Junior admins didn't want to make widespread changes without my seal of approval, even if it was a quick phone call where they gave me a brief outline of their changes, and I gave them verbal approval ("Go for it. Let me know how it goes.").
The day came that they decided I wasn't necessary. I was locked out of the machines per my own plan, and then notified that I was no longer part of the company. Whoever did the changing wasn't quite as consistent as I was and missed a few spots. Being a "good guy", I verified that I was locked out of everywhere, and sent a list (it was short) of what I still had access to, so they could get those too. The missed spots were non-essential, so even if I had a desire to do bad things, I couldn't have broken much.
The password plan had better motives than firing the top guy. On password change day, I issued the passwords on slips of paper to the people who needed them (and to the vault). Should someone's passwords become compromised, I could have all the passwords changed in approx 5 minutes. Should something seem funny, we'd change the passwords. Usually we just changed them because the existing passwords had been in use for too long. We did have someone lose their USB key with their SSH keys on it. We went through the well practiced drill. It turned out to be just an exercise. The key had fallen out of his pocket, and was under the seat of his car.
When they terminated me, the company lived on. The transition was smooth without me. I may as well have been hit by a bus. No one asked me "how do I....?", because it was all there for those with access who knew what to look for. Even if we had a walkout of all IT staff, things were documented well enough where an experienced IT person could walk in and keep things running.
We were a high dollar, small staff company. Why should somewhere like CentOS be any different?
Re:Is This Bus Syndrome? (Score:1, Interesting)
this will not be a well written comment, but it is something I have thought about a great deal.
when redhat went pay only and wanted hundreds and hundreds a year for a single system to run RH linux, I and many other people said no way. It was just too much. They have never offered a cheap self supported, updates only license as far as I know. This resulted in an interesting problem. Everyone stopped using RH, and suddenly it became very very hard to google up solutions on the web. Some of my customers paid for RH linux, and I began to dread having to fix minor problems, because instead of googling in minutes to find a solution, I would have to spend time troubleshooting a problem. I have too many customers for that. I actually steered customers away from Redhat as a result.
However, when CentOS got popular, RH became usable again because I could just put Centos in my google query instead of RH EL5 or whatever, and once again RH became something that I could recommend. I think CentOS helped redhat get back a lot of mindshare they lamented loosing when they made that change way back when.
Re:Is This Bus Syndrome? (Score:4, Interesting)
If Redhat were just starting and were still on the edge of financial stability, and a 'CentOS' product started giving away Redhat's product for free, the for profit company could fail.
The original Red Hat product, which they shipped when they were just starting and on the edge of financial stability, *was* completely open source and was very widely given away for free. You could download it from their servers, or get it copied onto a CD for a token charge. It still seems to have worked for them for quite a long time.
Re:Or or course you might go with close source... (Score:3, Interesting)
actually, Solaris 8 end of service life is March 31, 2012. OpenVMS is still alive, new releases coming out periodically, and patches being issued, and support of course available. SGI was bought by Rackable and becoming Silicon Graphics International and support for IRIX is until December 31, 2013.