This applies to 5.X as it stands, as 4.X. Once RH 5.4 hits the streets, then CentOS 5 users will be in the same boat. I would hope nobody feels they are getting beaten up about this. The intention is not to beat anybody up. Anyway, I am going to try *really* hard not to post on the matter again (I said that yesterday, but I am going to try *harder*) because I am just repeating myself now, which may come across as brow-beating.
________________________________ From: Les Mikesell lesmikesell@gmail.com To: CentOS mailing list centos@centos.org Sent: Wednesday, 12 August, 2009 3:41:24 Subject: Re: [CentOS] CentOS Project Infrastructure
Joseph L. Casale wrote:
I didn't 'get' the security implications of the rebuild stuff til it was explained to me the other day.
Share the knowledge:) Aside from the delay involved while the devs build rpm's from the srpm's, is there more to it?
It's been covered already. When RH does a point release, CentOS has to match the full rebuild before any more security updates go out for some unavoidable technical reasons. RH 4.8 http://www.redhat.com/archives/rhelv4-announce/2009-May/msg00000.html still isn't matched in CentOS, so no security updates in the 4.x line since May. But, if you want to be up to date you probably shouldn't be running a 4.x release anyway - so other than stating the facts I wouldn't want to beat anyone up over this particular issue.