Am 27.03.15 um 20:30 schrieb Mark Haney: ....
But to give an example, we run several Ubuntu 14.04 LTS virtual machines and I've have a dozen or so security related updates that I've not seen for CentOS, like openssl (which I do have installed on it) and gnutls. I know package names don't always match up, but these are recent known vulnerabilities and I don't like the feeling I'm not securing my systems properly.
Does that makes sense?
yes it does - take a look at the centos announce mailinglist and see that the last update for centos 7 was pushed out on feb 25 you might want to have a look at the archives... http://lists.centos.org/pipermail/centos-announce/ or the announcement regarding the CR repo: http://lists.centos.org/pipermail/centos-announce/2015-March/020980.html