<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Pedro,<div class=""><br class=""></div><div class="">As Phil says, the kernels are provided 'as-is', but I'd like to give you a quick sample of how we've found it in production.</div><div class=""><br class=""></div><div class="">We run anywhere between 250-2000 CentOS 7 VMs each year.</div><div class="">We have been using elrepo kernel-ml on both our VMs and our physical SANs / storage servers and our physical backup servers for the past 3~ years.</div><div class="">We install the latest kernel-ml package as soon as it's available (we automate everything, the kernel package is ensured that it is the latest available every 20 minutes~).</div><div class=""><br class=""></div><div class="">In those 3~ years we have had (from memory) two problems:</div><div class=""><br class=""></div><div class="">1. Only affected our storage servers, it was some odd kernel bug that caused some DRBD issues, when we noticed a pattern we just booted into the previous kernel and the bug was fixed (upstream, in the kernel itself) about 5 releases later (it wasn't very well reported to the kernel devel team or it would have been quicker, at any rate - nothing to do with elrepo or kernel-ml).</div><div class=""><br class=""></div><div class="">2. A problem that may have affected intel 7xx series NICs that was again an upstream kernel bug, saw the problem straight after rebooting into the new kernel, rebooted into the last kernel - it was fine, left it for a couple of days until the next build was out - tried it and it was fine.</div><div class=""><br class=""></div><div class="">Other than that - kernel-ml has do nothing but provide us with <i class="">much</i> better performance and new features (we use a lot of 'newish' things like NVMe, containers before they were cool, new hardware, self design software defined storage / SANs etc....).</div><div class=""><div class=""><br class="webkit-block-placeholder"></div><div class="">For me and my engineering team it's an absolute no-brainer to use kernel-ml and there's no way we'd be seen dead running the stock centos 3.x kernels to be honest.</div><div class=""><br class=""></div><div class="">note: we don't use any weird 'black box' oracle / ibm or the likes hardware that require special kernel drivers to be installed etc... but I haven't seen people do that much on x86 these days anyway.</div><div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class="">--<br class="">Sam McLeod<br class=""><a href="https://smcleod.net" class="">https://smcleod.net</a><br class="">https://twitter.com/s_mcleod</div>
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 11 Jul 2018, at 08:39, Phil Perry <<a href="mailto:phil@elrepo.org" class="">phil@elrepo.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On 10/07/18 18:57, Pedro Flores wrote:<br class=""><blockquote type="cite" class="">We recently started using ELRepo’s kernel repositories in a subset of our production infrastructure to deal with some issues we were experiencing with CentOS 7.5 latest kernels. Our security team has some concerns about how quickly ElRepo releases new kernel packages that address either major bug fixes or CVE exploits after the kernels containing these updates have been released by the Linux Kernel Main archives. Is there a certain amount of time that we should expect new kernels to make it to ELREpo yum repositories after they have been released by the Linux Kernel Archives folks?<br class="">Thanks in advance.<br class="">*--*<br class="">**<br class="">*Pedro Flores*<br class=""></blockquote><br class="">Hi Pedro,<br class=""><br class="">Did you read the release announcement(s)? The relevant part to your question is here:<br class=""><br class=""><br class=""> These packages are provided "As-Is" with no implied warranty or<br class=""> support. Using the kernel-lt/-ml may expose your system to security,<br class=""> performance and/or data corruption issues. Since timely updates may<br class=""> not be available from the ELRepo Project, the end user has the<br class=""> ultimate responsibility for deciding whether to continue using the<br class=""> kernel-ml packages in regular service.<br class=""><br class=""><br class="">Your security team are free to review our previous performance to get an indication for how quickly kernel packages are typically released, but past performance should not be taken as a guarantee for future release time scales.<br class=""><br class="">If you have issues with the EL7.5 kernel in a production environment and do not have the expertise to fix it in house, I would highly recommend you purchase RHEL subscriptions and raise a support case directly with Red Hat to have your issues resolved. As stated in our release announcement(s), our kernel packages are not intended for production use. Elrepo is a voluntary project and Alan handles all kernel builds single-handedly on donated limited build hardware. As such, we are unable to offer you any guaranteed level of service, hence my recommendation to purchase RHEL subscriptions if that is what you require.<br class=""><br class="">Hope that helps,<br class=""><br class="">Phil<br class=""><br class="">_______________________________________________<br class="">elrepo mailing list<br class=""><a href="mailto:elrepo@lists.elrepo.org" class="">elrepo@lists.elrepo.org</a><br class="">http://lists.elrepo.org/mailman/listinfo/elrepo<br class=""></div></div></blockquote></div><br class=""></div></body></html>