On 10/8/2011 10:30 AM, Timothy Murphy wrote:
nux@li.nux.ro wrote:
I don't really understand the function of this repository, or rather why the RPMs in it are not in the standard repository?
Because there is no "standard repository" yet. These RPMs are from the next version (6.1 as we write this) which has not been published yet. CR is just a way to keep up with updates while they work on publishing Centos 6.1.
I've read the various responses, and am not really convinced. It seems to me the developers are just making more work for themselves. Of course that is their prerogative ...
It is really quite simple. 6.1 is not out. Many of us absolutely must have 6.0 serving the public at this point. There are no more security updates for 6.0. So, why not provide updated packages as they are available, if they don't break other packages? It seems very sound reasoning to me. Extra work? Well, it is some, but not really that much.
To me, this is another case of the CentOS team trying hard to provide what the community needs as fast as they can. Choose to use the CR or not. For me and I'm certain many others, I'm very happy that it is there! And this provides an answer for now and perhaps again in the future when a minor release occurs just before a major security issue, leaving the ability to move forward with the new security packages before the minor release is ready.
As for passing security 'testing'. Well, CR might not provide the answer the 'testers' want, but do they ultimately want security or do they only want you to pass the test? Sometimes I think the latter... a question of 'perceived' or 'actual'. I'll choose actual... and like it to be pretty quick... and CR provides an aid there.
John Hinton