Hi,
freely does not imply free to redistribute. Of course these informations are available from various sources which allow redistribution, but it takes time to aggregate them - time that someone need to spend doing the necessary research.
best regards, Markus
On Mon, 2021-06-21 at 13:53 +0200, Gionatan Danti wrote:
Il 2021-06-21 13:34 Pete Biggs ha scritto:
CentOS does not provide the metadata to allow the --security flag to work.
Right.
It doesn't provide it because that information from Redhat is proprietary and not open source.
This is not my understanding. From what I can see, updates which patches CVEs are freely readable on Red Has site. For example: CVE: https://access.redhat.com/security/cve/cve-2021-3156 UPDATE: https://access.redhat.com/errata/RHSA-2021:0221
Historically the CentOS team refused to provide such metadata due to the added work required. Now with Stream, and the demise of classic CentOS, security updates are even less probable (ie: a rolling release is often wholly updated).
Regards.