Re: Fixing grub/shim issue Centos 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 8/7/20 5:30 AM, Phil Perry wrote:
> On 07/08/2020 10:01, Johnny Hughes wrote:
>> On 8/7/20 3:46 AM, Nicolas Kovacs wrote:
>>> Le 07/08/2020 à 09:40, Alessandro Baggi a écrit :
>>>> Probably many users have not updated their machines between the bug
>>>> release and
>>>> the resolution (thanks to your fast apply in the weekend, thank you)
>>>> and many
>>>> update their centos machines on a 2 months base (if not worst). I
>>>> think also
>>>> that many users of CentOS user base have not proclamed their
>>>> disappointement/the issue on this list or in other channels. For
>>>> example I
>>>> simply updated in the wrong time.
>>>
>>> I'm using yum-cron to keep all my server updated on a daily basis.
>>>
>>> And my question "How could this have passed Q & A" was obviously
>>> directed at
>>> Red Hat... and *not* at Johnny Hughes and the CentOS team who do
>>> their best to
>>> deliver the best possible downstream system. I raise my morning
>>> coffee mug to
>>> your health, guys.
>>>
>>> Cheers,
>>>
>>> Niki
>>>
>> I can assure you .. a BUNCH of testing was done.  Because of the scope
>> of this udpate, the CentOS team was looped in during the embargo stage
>> (we normally are not .. Red Hat Engineering got permission to make this
>> happen for this issue). Normally we see things that are open source only
>> .. not embargoed content.  Once the embargo gets lifted, the items
>> become open source.  Kudos to the RH team for making this happen.
>>
>> The CentOS team worked with the RHEL team on this update for several
>> days (more than a week, for sure, maybe 2 weeks)
>>
>> I gained MUCH respect for all those guys .. especially  Peter Jones.  He
>> is Mr.Secure Boot.
>>
>> I personally tested both the c8 and c7 solutions on several machines
>> (All i have access to actually, including several personal machines that
>> have secureboot).  I saw some of the testing that happened on the RHEL
>> side.  It was extensive.
>>
> 
> I'll just add to Johnny's already comprehensive reply. As a member of
> the CentOS QA team, I personally tested the update on 3 physical
> machines and all worked fine. Moreover, the QA team was not able to
> replicate the issue on a single physical machine available to them - the
> first indication of a problem came from public reports. We give up a
> huge amount of our personal time and resources to ensure CentOS (and
> RHEL) are the very best products they can be. I'm unsure what more could
> have been done.

Thanks Phil,

I very much appreciate all you and the rest of the QA team do.

I know it is a knee jerk reaction to say .. how did that not get caught.
 I actually said it MYSELF for this very issue.  But looking back, I am
not sure how we could have caught it.

"Stuff Happens"  :)

There are just a huge number of possible combinations.

> 
>> Microsoft, Debian, Ubuntu and others also had issues with this .. so if
>> you are losing trust, you are losing it with all OS vendors WRT this
>> issue.
>>
>> All I can say is .. this issue was the hardest thing I have been
>> involved with since starting with the CentOS Project 17 years ago.
>>
>> Obviously, everyone involved in this build would have prevented this
>> from happening if they could have.  Secureboot is complicated.


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux