I noticed updates for dhcp and redhat-logos. From the changelog it becomes clear why there was no announcement nor update from redhat. As I understand this was only branding stuff.
* Mit Aug 15 2012 Johnny Hughes johnny@centos.org - 12:4.1.1-31.P1.1.el6.centos - created patch 1000 for CentOS Branding - replaced vvendor variable with CentOS in the SPEC file
* Mit Aug 15 2012 Johnny Hughes johnny@centos.org 60.0.14-12 - Bugfix for CentOS Bug #5704
But it is not clear to me why there was no announcement from CentOS, at least I can not find it. I am subscribed to centos-announce and I had a look at http://lists.centos.org/pipermail/centos-announce/2012-August/thread.html too.
On 08/20/2012 04:50 AM, Markus Falb wrote:
I noticed updates for dhcp and redhat-logos. From the changelog it becomes clear why there was no announcement nor update from redhat. As I understand this was only branding stuff.
- Mit Aug 15 2012 Johnny Hughes johnny@centos.org -
12:4.1.1-31.P1.1.el6.centos
- created patch 1000 for CentOS Branding
- replaced vvendor variable with CentOS in the SPEC file
- Mit Aug 15 2012 Johnny Hughes johnny@centos.org 60.0.14-12
- Bugfix for CentOS Bug #5704
But it is not clear to me why there was no announcement from CentOS, at least I can not find it. I am subscribed to centos-announce and I had a look at http://lists.centos.org/pipermail/centos-announce/2012-August/thread.html too.
Correct .. both of these are branding only with no upstream announce.
On 20.8.2012 13:24, Johnny Hughes wrote:
On 08/20/2012 04:50 AM, Markus Falb wrote:
...
But it is not clear to me why there was no announcement from CentOS, at least I can not find it. I am subscribed to centos-announce and I had a look at http://lists.centos.org/pipermail/centos-announce/2012-August/thread.html too.
Correct .. both of these are branding only with no upstream announce.
This implies that only "with upstream announce"-updates are announced? I think that CentOS should announce every update on the centos-announce list.
On 08/20/2012 07:45 AM, Markus Falb wrote:
On 20.8.2012 13:24, Johnny Hughes wrote:
On 08/20/2012 04:50 AM, Markus Falb wrote:
...
But it is not clear to me why there was no announcement from CentOS, at least I can not find it. I am subscribed to centos-announce and I had a look at http://lists.centos.org/pipermail/centos-announce/2012-August/thread.html too.
Correct .. both of these are branding only with no upstream announce.
This implies that only "with upstream announce"-updates are announced? I think that CentOS should announce every update on the centos-announce list.
I am working on a way to do that now. Expect the announcements soon.
The issue is, I have no way to have an index number. I can't use the next one or it will step on the next upstream update. We are figuring out how we can do this and still make it work with our upcoming yum-security release too.
This is something that we do very infrequently, but now that we are also going to do yum-security, it is something we need to do correctly.
I would point out that Red Hat only announces security updates on their list, not BA's or EA's, and no one seems to have a problem with that :)
Am 20.08.2012 17:20, schrieb Johnny Hughes:
The issue is, I have no way to have an index number. I can't use the next one or it will step on the next upstream update. We are figuring out how we can do this and still make it work with our upcoming yum-security release too.
Yep. That was one of my points.
This is something that we do very infrequently, but now that we are also going to do yum-security, it is something we need to do correctly.
That's what I brought it up. And while you're at it: we need a fix for the centosplus and extras repositories. There are security related releases done there, too.
I would point out that Red Hat only announces security updates on their list, not BA's or EA's, and no one seems to have a problem with that :)
For Red Hat the announce-list is a second information distribution channel. Primary info is in the customer portal. For CentOS the announce-list is the one and only information channel and people believe it to contain all information.
Regards, Andreas
On 08/21/2012 10:29 AM, Andreas Rogge wrote:
Am 20.08.2012 17:20, schrieb Johnny Hughes:
The issue is, I have no way to have an index number. I can't use the next one or it will step on the next upstream update. We are figuring out how we can do this and still make it work with our upcoming yum-security release too.
Yep. That was one of my points.
This is something that we do very infrequently, but now that we are also going to do yum-security, it is something we need to do correctly.
That's what I brought it up. And while you're at it: we need a fix for the centosplus and extras repositories. There are security related releases done there, too.
I would point out that Red Hat only announces security updates on their list, not BA's or EA's, and no one seems to have a problem with that :)
For Red Hat the announce-list is a second information distribution channel. Primary info is in the customer portal. For CentOS the announce-list is the one and only information channel and people believe it to contain all information.
I would point out that yum-security is not easy ... to the best of my knowledge, Scientific Linux does not do it, Oracle does not do it, EPEL does not do it, etc. All of those places also do security updates.
We want to do it, however, it is not easy ... if it was, everyone would be doing it.
-
Andreas Rogge -
Johnny Hughes -
Markus Falb