On Jul 30, 2015, at 03:37, Johnny Hughes johnny@centos.org wrote:
Of course it makes sense. Those security updates are not released in a vacuum, and all the things they are built on/against also need to be released and installed for them to work.
The source code for the ssecurity updates you are talking about are built against RHEL-6.7, not 6.6 by Red Hat. They don't necessarily work on 6.6 without the other updates installed. They also will not necessarily work correctly if built against 6.6 and then used later on 6.7. We don't do this because it is fun. In fact, it is exact opposite of fun, it is quite a PITA. We do it because in order to run the updates (and have them work correctly), you also have to be running the rest of 6.7.
We are providing CR .. SO .. you can get all the updates if you want them early .. WHILE .. we also test and release 6.7. It is double the work.
Because we do CR, CentOS users had access to the 6.7 updates a full 3 days before anyone else made them available and CR was released less than 5 days after the release of RHEL 6.7.
Thanks, Johnny Hughes
Fair enough. Standard library dependency hell, I know… with everything the entire OS is built on at the foundation level, a continually moving target.
Didn’t mean to complain TOO loudly… you guys do a great job with what you have to work with from upstream. (Not just meaning RH, but all the never-ending updates from all their upstreams. Because you know… “software is getting better!”… ROFLMAO… 20 years of hearing that… hasn’t come true yet! GRIN!)
I certainly wouldn’t mind if my employer wasn’t too cheap to buy the real deal from RH and have all the nice patching and auditing tools, but alas… it is what it is. At least we have CentOS! Plus I’m dumb enough not to mandate it, trying to be the “good guy” and save them some $. (GRIN)
I was cranky yesterday - I was patching Windoze servers, which is way less safe to do, and way more annoying. Apologies for the tone. :) :) :)
Honestly I don’t know how you guys do it…
-- Nate