This applies to 5.X as it stands, as 4.X. Once RH 5.4 hits the streets, then CentOS 5 users will be in the same boat. I would hope nobody feels they are getting beaten up about this. The intention is not to beat anybody up. Anyway, I am going to try *really* hard not to post on the matter again (I said that yesterday, but I am going to try *harder*) because I am just repeating myself now, which may come across as brow-beating.

From: Les Mikesell <lesmikesell@gmail.com>
To: CentOS mailing list <centos@centos.org>
Sent: Wednesday, 12 August, 2009 3:41:24
Subject: Re: [CentOS] CentOS Project Infrastructure

Joseph L. Casale wrote:
>> I didn't 'get' the security implications of the rebuild stuff til it was explained to me the other day.
>
> Share the knowledge:) Aside from the delay involved while the devs build rpm's
> from the srpm's, is there more to it?

It's been covered already. When RH does a point release, CentOS has to match
the full rebuild before any more security updates go out for some unavoidable
technical reasons. RH 4.8
http://www.redhat.com/archives/rhelv4-announce/2009-May/msg00000.html
still isn't matched in CentOS, so no security updates in the 4.x line since May.
But, if you want to be up to date you probably shouldn't be running a 4.x
release anyway - so other than stating the facts I wouldn't want to beat anyone
up over this particular issue.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos