-----Original Message-----
From: CentOS-devel centos-devel-bounces@centos.org On Behalf Of Leon Fauster via CentOS-devel
Sent: Wednesday, 7 October 2020 23:41
To: centos-devel@centos.org
Subject: Re: [CentOS-devel] Module version differences between RHEL8 and Centos8?
On 07.10.20 at 16:46, Antal Nemeš wrote:
-----Original Message-----
From: CentOS-devel centos-devel-bounces@centos.org On Behalf Of Leon Fauster via CentOS-devel
Sent: Wednesday, 7 October 2020 12:31
To: centos-devel@centos.org
Subject: Re: [CentOS-devel] Module version differences between RHEL8 and Centos8?
<snip>
Cherry picking only sec updates is not supported by this distribution. It results in a combination of installed packages that is not tested. IIRC every RHSA has a statement that all (latest) packages must be applied to be "secure". In this case it is not worth the effort to map hashes but other objectives like reportable compliance will require such metadata.
I have not observed such statements in RHSA, at least not for RHEL8. Do
you have a reference I can look at?
RHEL8 docs clearly make a provision for it: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_and_monitoring_security_updates/installing-security-updates_managing-and-monitoring-security-updates
As I said (IIRC) - I remember that the mentioned sentence was placed everywhere, like here:
https://access.redhat.com/errata/RHBA-2020:3264
but it seems not to be on every errata anymore ...
Thanks for the reference. I see this note consistently on RHBA, but I have so far not seen it on any RHSA.
-- Leon
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel