On Sat, 19 Feb 2011, Johnny Hughes wrote:
For the vast majority of packages, we make no changes. We rebuild it and test it. If the binary passes the test, we use it. If the binary does not pass the test we troubleshoot and figure out why it does not pass the test ... and we change things OUTSIDE the SRPM to fix the problem.
Yes, and those changes are closed.
But then again we first have to establish the notion that a CentOS release that is 2 or 3 months behind RHEL is a huge security problem to CentOS users (and probably to the CentOS infrastructure as well).
I don't think it makes any sense to discuss the CentOS project's transparency if we cannot admit that we are doing a lousy job regarding our core business. The lack of competition in this space surely didn't help keeping us on our toes.