Am 07.10.20 um 16:46 schrieb Antal Nemeš:
-----Original Message----- From: CentOS-devel centos-devel-bounces@centos.org On Behalf Of Leon Fauster via CentOS-devel Sent: Wednesday, 7 October 2020 12:31 To: centos-devel@centos.org Subject: Re: [CentOS-devel] Module version differences between RHEL8 and Centos8?
<snip>
Cherry picking only sec updates is not supported by this distribution. It results in a combination of installed packages that is not tested. IIRC every RHSA has a statement that all (latest) packages must be applied to be "secure". In this case it is not worth the effort to map hashes but other objectives like reportable compliance will require such metadata.
I have not observed such statements in RHSA, at least not for RHEL8. Do you have a reference I can look at? RHEL8 docs clearly make a provision for it: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
As I said (IIRC) - I remember that the mentioned sentence where everywhere placed: Like here
https://access.redhat.com/errata/RHBA-2020:3264
but it seems not to be on every errata anymore ...
-- Leon