Hi to all, Am I wrong or is the CentOS AppStream repo heavily lagging behind the RedHat repos? Some examples here:
- the php:7.2 critical security errata published on 2019-11-06 (that's almost 2 weeks ago) [1] [2] is still unavailable in the CentOS AppStream repo leaving systems vulnerable to an already exploited bug [3];
- (this is less critical IMHO) new yum modules published in EL8.1 on 2019-11-05 (php:7.3, nginx:1.16, ruby:2.6, nodejs:12) are still unavailable in the CentOS AppStream repo;
I'm wondering if it's unintended and justified by lack of time and resources or it's a sneaky strategy to let users choose RHEL for running production systems instead of CentOS. I'm really sorry to say that, but the issue described here and the lack of a security errata bulletin [4] make CentOS8 almost unusable in a production environment.
Thanks for your attention. Regards
Angelo Barney
[1] https://access.redhat.com/errata/RHSA-2019:3735
[2] https://nvd.nist.gov/vuln/detail/CVE-2019-11043
[3] https://nextcloud.com/blog/nextcry-or-how-a-hacker-tried-to-exploit-a-nginx-...
[4] https://lists.centos.org/pipermail/centos-devel/2019-November/018053.html
On Nov 19, 2019, at 17:20, Angelo Lisco angystardust@gmail.com wrote:
> Hi to all, Am I wrong or is the CentOS AppStream repo heavily lagging behind the RedHat repos? Some examples here:
I believe a lot of these are tied up in the 8.1 point release.
-- Jonathan Billings