<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><span style="font-family:arial,sans-serif">Hi to all,</span></div><div><span style="font-family:arial,sans-serif">Am I wrong or the CentOS AppStream repo is heavily lagging behind the RedHat repos? <br></span></div><div><span style="font-family:arial,sans-serif">Some examples here:</span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">- the php:7.2 critical security errata published on 2019-11-06 (that's almost 2 weeks ago) [1] [2] is still unavailable in the CentOS AppStream repo leaving systems vulnerable to an already exploited bug [3];<br></span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">- (this is less critical IMHO) new yum modules published in EL8.1 on on 2019-11-05 (php:7.3 nginx:1.16, ruby:2.6, nodejs:12) are still unavailable in the CentOS AppStream repo;<br></span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">I'm wondering if it's unintended and justified by lack of time and resources or it's a sneaky strategy to let users choose RHEL for running production systems instead of CentOS.<br></span></div><div><span style="font-family:arial,sans-serif">I'm really sorry to say that but the issue described here and the lack of a security errata bulletin [4], makes CentOS8 almost unusable on a production environment.<br></span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">Thanks for your attention.</span></div><div><span style="font-family:arial,sans-serif">Regards<br></span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">Angelo Barney<br></span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">[1] <a href="https://access.redhat.com/errata/RHSA-2019:3735" target="_blank">https://access.redhat.com/errata/RHSA-2019:3735</a></span></div><div><span style="font-family:arial,sans-serif">[2] <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11043" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2019-11043</a></span></div><div><span style="font-family:arial,sans-serif">[3] <a href="https://nextcloud.com/blog/nextcry-or-how-a-hacker-tried-to-exploit-a-nginx-issue-with-2-nextcloud-servers-out-of-300-000-hit-and-no-payout/" target="_blank">https://nextcloud.com/blog/nextcry-or-how-a-hacker-tried-to-exploit-a-nginx-issue-with-2-nextcloud-servers-out-of-300-000-hit-and-no-payout/</a></span></div><div><span style="font-family:arial,sans-serif">[4] <a href="https://lists.centos.org/pipermail/centos-devel/2019-November/018053.html" target="_blank">https://lists.centos.org/pipermail/centos-devel/2019-November/018053.html</a></span></div></div>
</div></div>