Hi Lura, Florian, Neil,
When referencing RHEL advisories for CentOS Stream, wouldn’t this occasionally result in false positives? For example:

- In some cases, CentOS Stream might already have the fix (patch applied) while the corresponding RHEL release is still vulnerable.
- Conversely, for high-severity issues, patches may reach RHEL first, leaving CentOS Stream temporarily vulnerable.

How should such cases be handled? Additionally, is there any plan to publish dedicated security advisories for CentOS Stream in the future?
Thanks,
Vishnu Priya