<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 1, 2022 at 3:12 PM Josh Boyer <<a href="mailto:jwboyer@redhat.com">jwboyer@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
CentOS Stream addresses CVE fix policy in the FAQ. That policy will<br>
not change with the release of RHEL 9.<br><br></blockquote><div><br></div><div>I had to look this up.<br><br>From <a href="https://centos.org/distro-faq/">https://centos.org/distro-faq/</a>:<br></div><div><h3 id="gmail-q4-how-will-cves-be-handled-in-centos-stream">Q4: How will CVEs be handled in CentOS Stream?</h3>
<p><strong>A:</strong> Security issues will be updated in CentOS
Stream after they are solved in the current RHEL release. Obviously,
embargoed security releases can not be publicly released until after the
embargo is lifted. While there will not be any SLA for timing, Red Hat
Engineers will be building and testing other packages against these
releases. If they do not roll in the updates, the other software they
build could be impacted and therefore need to be redone. There is
therefore a vested interest for them to get these updates in so as not
to impact their other builds and there should be no issues getting
security updates.</p>
<h3 id="gmail-q5-does-this-mean-that-centos-stream-is-the-rhel-beta-test-platform-now">Q5: Does this mean that CentOS Stream is the RHEL BETA test platform now?</h3>
<p><strong>A:</strong> No. CentOS Stream will be getting fixes
and features ahead of RHEL. Generally speaking we expect CentOS Stream
to have fewer bugs and more runtime features as it moves forward in time
but always giving direct indication of what is going into a RHEL
release</p> ---------------------------------------------------<br><br></div><div>I don't have my eye on RHEL 9 at this point, so I can't say how that distro handled the polkit update.<br></div></div></div>