On Thu, Feb 24, 2011 at 12:05 PM, Ian Murray murrayie@yahoo.co.uk wrote:
However, it was my understanding that "Critical" security updates and those that are "remotely exploitable" would be pushed out ahead of 5.6.
That is my understanding, too. However, I see that the only "Critical" one on your list is java-1.6.0-sun. This is not included in CentOS...
As far as I understand this is a highly untrivial task and breaks the "binary compatible" rule. Nevertheless, this was attempted one or two dot releases ago, I think as an experiment as much as anything.
I am not sure how the CentOS team thought of that exercise, in hindsight. I would be interested in knowing. From the explanation that Russ gave, it was a mighty effort, as far as I remember.
Right, it is not an easy task as we see from the past experience. I think Karanbir is trying to come up with the way CentOS can provide critical security updates ahead of the pending major release as we can see in his post [1] to the -devel mailing list:
"all updates to the /5/ tree are monitored and anything which has a remote or local exploit will get pushed into the /5/ tree; things in 5.6 and against 5.6 that dont meet that criteria wait for 5.6 release. build order, linking, inheriting upstream testing etc etc to blame."
[1] http://lists.centos.org/pipermail/centos-devel/2011-February/006916.html
Akemi