EL7 is coming, probably with kernel 3.11, so the changes in kernel 3.13 and later will (probably) affect EL >= 8.

---
Henrique C. S. Junior
http://about.me/henriquejunior
Química Industrial - UFRRJ
Prefeitura Municipal de Paracambi
Centro de Processamento de Dados

On Monday, October 21, 2013 1:36 PM, Yasha Karant <[email protected]> wrote:

>On 10/21/2013 01:07 AM, Steven Haigh wrote:
>
>> On 21/10/2013 4:09 AM, Henrique C. S. Junior wrote:
>>> As reported in Slashdot[1] in the near future iptables is going to be
>>> replaced by NFTables in the linux kernel. The project[2] is said to be a
>>> new and best package filtering framework.
>>> Have any of you, guys, tried it already and have some experiences to share?
>>
>> Does it matter? EL6 won't ever have NFTables support.
>>
>> EL7 probably won't either. Don't stress and keep doing what you're doing.
>>
>
>Perhaps someone familiar with the choices made by TUV will clarify the
>above statement: EL7 probably won't either.
>
>SL and other TUV re-distributors of EL simply build and re-package the
>TUV product (removing the logos and non-open copyrighted material, but
>keeping all of the internal TUV developer statements -- the actual name
>of TUV, that evidently is taboo on this list, is plastered all over the
>source code for EL). Thus, the decision as to which family of Linux
>kernels to use is a TUV decision.
>
>However, as fundamental new functionality, or repackaging of existing
>functionality with a new API, is incorporated into the Linux kernel --
>not in an experimental way that may be removed, but in the "stable
>production" released version - the high reliability approach requires
>that the kernel receives extensive field testing (as happens with
>Fedora) as well as stress testing and internal hardening against threats
>and compromises that may not be as needed in an enthusiast distribution.
>
>Nonetheless, once a major change (e.g., NFTables replacing iptables) is
>done in the base source, the production enterprise version must reflect
>the change -- and in less than a decade. Why less than a decade?
>Unless there is a fully backward compatible set of APIs, new
>applications and revisions typically use the current not historical
>APIs. Presumably, there will be NFTables features that application
>developers will use that have no iptables backport.
>
>Thus -- how long is the delay? Typically, are two major releases (e.g.,
>NFTables in EL8) the usual delay? Does anyone have historical data from
>EL/TUV?
>
>Yasha Karant
