Vague accusations about shady business dealings?

In the past few days, I’ve had a fair number of DMs and public replies on social networks mention ‘shady business dealings’ that are implied to surround Rocky Linux, and/or CIQ.

In fact, Mike McGrath himself implies something nefarious in this post on Reddit:

The problem of rebuilders has been around forever. Things heated up a couple of months ago when we detected what we think was a continued bad-faith action from one of the rebuilders, not on the code/engineering side but on the commercial/money making side of their house. That’s as far as I’ll go publicly. After that it was just a matter of discussion on what to do about it, so we landed on the announcements I made last week.

Does anyone have any further feedback on this? I have had nothing but pleasant dealings with those in the Rocky Linux community, though I admit I’ve never paid for services from any of the RESF backers (excepting AWS).

Without any evidence, this seems an awful lot like FUD, alongside news articles like this one from InfoWorld that just seems to dig into the clones, with statements that seem dripping with bias, like:

Regardless, this isn’t about making Red Hat happy. It’s about making smart, safe IT investments. That means RHEL, not a quasi-clone.


I was very much puzzled by this part of Mike’s post as well. I’d really like to see the receipts on this one. I’m a founding member of the project board as well as the RESF board and I know of absolutely no shady business dealings. If someone involved in the project is in fact doing something shady, I’d like to know about it so we can bring it to the board’s attention. The RESF and Rocky Project don’t sell anything, so our business dealings are limited pretty much to accepting donations and putting logos on our website. I fail to see how anything shady is even possible.


Could he be talking about Oracle? I know some people in their engineering team and they definitely want to do the right thing, but this doesn’t mean that the sales arm follows suit…

I really wish that someone would come forward and share some real info about this “shady” business! I have been involved with the Rocky Linux project since day one, I am volunteering my time and effort for this project and the cause of open source and I have never heard or seen any shady business happening within Rocky Linux, RESF or CIQ!


Oh also,

“I’m just gonna say it’s shenanigans. And I don’t wanna like, I don’t wanna throw anybody under the bus. You know, they were out trying to make a quick buck, and do what they do, but we had a problem with it.”

That was from this podcast interview a couple days ago.

Sort of how I was hinting at in my twitter replies, the confusion seems to be that Rocky Linux/RESF and CIQ are one entity when we’re not. And I have to imagine that’s the basis for the attacks against us and thus, other rebuilders as a net result. We (Rocky Linux/RESF) can’t really speak to what our sponsors are up to or doing.

I echo @tgmux’s statement in that if there really is shady/bad business dealings that we’ve been doing, I’d like to know so we can bring it up to the board and resolve it. Some receipts may be in order. From my point of view, I/We just work on Rocky Linux, contribute to other projects (e.g. openstack, epel), provide raspberry pi images, and other things. I’m not paid for my work, I’m all volunteer, and I’m OK with that.

To be honest, it’s a bit difficult for me to understand how these conclusions were drawn or how it all came to pass.


Hey Jeff!
I’m going to have to back the others here. While I haven’t been in Rocky leadership as long as the others, I’ve been in the loop of Rocky from the beginning. I’m a volunteer (who is on the board) and not paid to work on Rocky. I have no affiliation with CIQ outside of my interactions with them in the context of Rocky and the larger HPC community.

I’m assuming that these statements are against CIQ as Rocky doesn’t have a business side. The only things we “sell” would be merchandise - and we explicitly tell our merch vendors not to make a profit on our behalf as we’d rather the customer get a slight price decrease then make a profit from them.

It has been brought up several times that the conflation of CIQ and Rocky is unfortunate. Rocky isn’t CIQ and CIQ isn’t Rocky - though CIQ is obviously a HUGE sponsor of Rocky as well as other open source projects like the Warewulf and Apptainer communities.

Regardless of the optics of our sponsor and the Rocky project - I’ve never seen evidence (nor anything that comes close to it) that there have been shady business dealings. I’d quickly back the others posts above that if proof was provided - we’d take it to the board.

Please feel free to ask further questions.

(Also, hello from the other side of the state! [Kansas City] :wave: )


1 Like

When I first heard about this entire fiasco, I thought RH was acting like a complete ******. I have learned some things today that make me at least understand their viewpoint. I do not have any inside information, but here’s the gist of what I learned.

  1. Among the founders of Rocky is the CEO of CIQ - Greg Kurtzer

  2. Rocky is a bug-for-bug replica of RHEL. Unlike Ubuntu which is derived from Debian with some things changed and added.

  3. CIQ offers paid support for Rocky Linux - Rocky Linux Enterprise Support | CIQ. Given item 1, I can see where RH would have issue with it. Guidance for both Rocky and CIQ are “significantly influenced” by the same person/s. That does not necessarily mean nefarious activities are going on, but it’s not a stretch to surmise that there is something “shady”. Add in that it is a direct competitor to RH’s business with RH’s own product. Specifically the backporting of security/bug fixes, version stability, longevity, etc. In other words, the thing RH is doing to provide value to their customers.

  4. CIQ entered into a support contract with NASA for Rocky Linux - This looks to be for 3 individual systems. Not replacing RHEL with Rocky. The line item is “CIQ Rocky Enterprise Linux Per Person Advanced - Annual Subscription”. This would seem insignificant, but as a user at NASA secures contract with Rocky Enterprise Linux | Hacker News pointed out

" * That precedent is key. Once it becomes clear that ROCKY is being used by successful teams, then the approval process is *much* easier.

That's why this is a big-ish deal (not huge, but nice to see). Now, people writing proposals and working on projects can point to this as *precedent*. The best outcome is when funding agencies see "ROCKY is better and more cost effective for the teams we've been funding", then you might get a funder to request that teams use ROCKY as part of the proposal requirements. This is almost nonexistent in federal contracts, but is quite common when dealing with military or commercial contracts."

I do not have any inside info from anywhere, but I have come to believe that it is the combination of these things that lead to the entire kurfuffle we are now seeing. Had Rocky’s only support option been community support, I think things would have remained status quo.

I’m not suggesting that RH is blameless in all of this. Their bungling of CentOS began the chain of events. But the items laid out above at least makes it all make sense to me beyond RH is just targeting the clones. I’m not claiming that RH’s claims are completely accurate and correct. I am saying that I understand how RH can perceive the situation.

1 Like

I appreciate your comments, but wanted to make a couple points.

I think a key thing to remember is that the Rocky project and the RESF are governed by boards elected by the membership of the project. Greg may be on the board, but he does only have one vote and our bylaws limit the number of votes any one company can have. The project is comprised of a number of individuals and I think folks may be assuming Greg has more influence than he really does. If you check out About | Rocky Enterprise Software Foundation and browse our meeting minutes, you can see that Greg has recused himself from voting on multiple occasions.

I have no personal connection to CIQ beyond working with some of their employees who are also contributors to the project. I do personally believe that anyone should be able to sell support services for any open source products they wish. It’s been a legitimate business model since the inception of open source with a wide range of examples. I’m not sure why CIQ specifically gets called out so much for seemingly doing nothing different from many other companies.

1 Like

Red Hat may possess undisclosed information that is not yet known, and they are unable to share it due to the potential negative publicity that could arise from publicly criticizing their competitor.

If so, the same applies to Oracle. So, why the spotlight on RL is brighter then on OL and how is Oracle handling this situation? Just questions where I still do not see any answers …

1 Like

@tgmux, as I stated in the post, I’m not claiming that RH’s position and statements are accurate or that “shenanigans” are necessarily happening. I’m only saying that I can understand their claims, and that I understand their actions in light of them believing their claims are true. I’m not going to argue RH’s position. I was simply trying to respond to the OP question of “further feedback” on the things RH is claiming.

@Ritov, on the question of Oracle, I think it really boils down to the fact that RH receives MASSIVE benefit from Oracle. Oracle’s database server is only supported on RHEL, OL, and SUSE. The Debian ecosphere need not apply. RH is the king of that particular market the way SUSE is king of the SAP market. My employer is one of many that run RHEL and will continue to run RHEL and pay for annual subscriptions because of Oracle. When we looked at switching to OL recently, the cost difference was somewhere between non-existent and minimal. Additionally, once we have RHEL for some things, why not use them for everything? It makes our lives easier by not having to maintain different flavors each with their own quirks. Again, a benefit to RH from Oracle.

continued bad-faith action from one of the rebuilders, not on the code/engineering side but on the commercial/money making side of their house

People have already addressed the fact that we have no “commercial/money making side of their house” so I’ll skip that.

It would be weird if this was what he was referring to, but it’s the only thing I can think of. Red Hatters often say that the EPEL Statistics are being manipulated to artificially inflate the popularity of Rocky Linux in them, generally with the implication that I’m the one doing it.

It’s a pretty absurd accusation though, because they’re implying that I run a botnet, submitting bogus requests to the EPEL repos, simulating a naturally aging population of nonexistent Rocky Linux boxes. A dataset, that’s in Fedora’s Red Hat’s control. That they have the raw data for, with IPs. Any manipulation would be stupid obvious.

To be fair though I’ve only actually seen one Red Hatter publicly saying it, but he mentions “he was informed” by other people at Red Hat that this is happening, so I guess it’s a whole thing there. Hi Carl!

Note: the notebook that builds these charts are open source at rocky-stats/epel.ipynb at master · brianclemens/rocky-stats · GitHub

… and anyone in this ecosystem knowns how to take this data to interpret it, but for those not so familiar:
The data collects only “systems” that have explicitly EPEL repos installed. The usage nature of RHEL compared to other ELs is shown in the data by the absence of a lot of RHEL “systems”. So, its not purposeful to take the data as they are shown …