Thoughts about CentOS & XCP-ng future

Community Dec 17, 2020

The recent announcement about the future of CentOS has sparked a lot of questions across the CentOS community and ecosystem.

As you may know, the XCP-ng project is an active and proud member of the Xen Project. But it does use CentOS as its Linux base. As such we will be affected by the changes in the CentOS project since we are downstream users of this distribution.

So while the question of what distribution we will use in roughly 3 years is open at this stage, we felt it necessary to provide the community with some context so that it's clear that we are not exactly concerned or even in a hurry to do anything about the new state of things.

Support: at least 3 years

As you may know, XCP-ng is currently using CentOS 7. And that's pretty good news, because CentOS 7 will be supported until the year 2024. This gives us some time to think about the best path forward.

Only partial downstream

When we say that we are downstream users of CentOS, what we really mean is that we rely on CentOS for the parts of a Linux distribution we do not already take care of. We maintain several critical packages ourselves: Xen of course, XAPI, the kernel and many others (over 140 packages!).

So security updates are actually taken care of mostly by Citrix and us. In fact, it may help to see the breakdown of who takes care of what in order to get the right idea.

See the "built-by" column on our GitHub pages:

But also our RPMs repo hosted in GitHub:

This is yet another important thing to keep in mind.

CentOS Stream

It is our understanding that the next CentOS, CentOS 8 Stream, will undergo some serious testing, so it's not like it's going to be a beta or an alpha stage distribution. Even if there were problematic issues, CentOS updates/upgrades are not pushed automatically to XCP-ng instances or even to our main development tree: we decide when to downstream bits of CentOS.

Switching distro (or not)

As mentioned before, we may indeed decide to switch distribution; we can do it if necessary, but right now there's no actual need that we can see.

At the end of the day, our goal is to make sure our community gets the best turnkey experience with the best security possible; these will be the principles against which we will assess what needs to be done with our Linux base. If you have any questions, feel free to go into the dedicated forum thread.


Charles-H. Schulz

Charles-H. Schulz is the head of strategy at Vates. He is a technologist, cybersecurity expert, Free Software advocate and has spent many years in Open Source projects and cybersecurity policies.