On 08/21/2012 10:29 AM, Andreas Rogge wrote:
Am 20.08.2012 17:20, schrieb Johnny Hughes:
The issue is, I have no way to have an index number. I can't use the next one or it will step on the next upstream update. We are figuring out how we can do this and still make it work with our upcoming yum-security release too.
Yep. That was one of my points.
This is something that we do very infrequently, but now that we are also going to do yum-security, it is something we need to do correctly.
That's what I brought it up. And while you're at it: we need a fix for the centosplus and extras repositories. There are security related releases done there, too.
I would point out that Red Hat only announces security updates on their list, not BA's or EA's, and no one seems to have a problem with that :)
For Red Hat the announce-list is a second information distribution channel. Primary info is in the customer portal. For CentOS the announce-list is the one and only information channel and people believe it to contain all information.
I would point out that yum-security is not easy ... to the best of my knowledge, Scientific Linux does not do it, Oracle does not do it, EPEL does not do it, etc. All of those places also do security updates.
We want to do it, however, it is not easy ... if it was, everyone would be doing it.