On 8/5/20 1:05 AM, centos@niob.at wrote:
On 04/08/2020 23:50, Jon Pruente wrote:
On Tue, Aug 4, 2020 at 11:34 AM centos@niob.at wrote:
Q5) If the answer to the last question is "no": shouldn't there be such a resource?
CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own set up with something like http://cefs.steve-meier.de/
I expected just this answer, and we do have a RHEL subscription (and BTW: thanks for the link). But you missed the main point by omitting the other questions (especially Q1, Q2 and Q3): There are upstream package versions that were never rebuilt for CentOS.
For instance: If, for whatever reason, I am required to stay with nginx 1.14.1 then the missing rebuild of the packages mentioned in RHSA-2019:2799 (https://access.redhat.com/errata/RHSA-2019:2799) would leave me with a vulnerable system.
The question for an OVAL feed is actually an add-on question: In the same spirit that is the base for the CentOS project itself: wouldn't such a feed be a good thing to have? Otherwise your answer could be the catch-all answer to all questions CentOS: Go get a commercial subscription. Personally, I think such an answer is not very helpful.
So what do you think about the underlying issue? Under what argumentation does it NOT constitute to be an issue?
Modules suck .. :)
But that is built and in the repo ..
dnf list 'nginx*'
nginx.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-all-modules.noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-filesystem.noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-mod-http-image-filter.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-mod-http-perl.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-mod-http-xslt-filter.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-mod-mail.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream nginx-mod-stream.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream
As I have said before .. mbbox (the item used to build modules) adds an index code (the 184) and a part of the git commit (e34fea82) .. so this will always be different between RHEL and CentOS .. because we use different builders and a different git repo. Red Hat's RHEL index code is 4108 and the git commit is af250afe