Hello dear CentOS community,
I'm writing on this mailing list because I'm discovering CentOS 8 after several years of practice on CentOS 7.
One of my main concern about a distribution is Bug Fixes and Security Fixes. For CentOS 7, all fixes where identified on CentOS-Announces lists with CESA, CEBA and CEEA which is a good thing in order to identify how a distribution can be broken, vulnerable.
However, I didn't find any announcement for CentOS 8. I tried to investigate about any changes about announcement policies but I didn't find anything reliable.
So I'm asking here what is exactly the status about announcements for CentOS 8 ? Is it a thing who totally disappeared replaced by Red Hat advisories or is it something different ? Or maybe it is just not planned yet ?
Explanations would be very welcomed.
Thanks for your answer
Regards, Olivier Bonhomme
Il 07/08/20 23:05, Olivier Bonhomme ha scritto:
Hello dear CentOS community,
I'm writing on this mailing list because I'm discovering CentOS 8 after several years of practice on CentOS 7.
One of my main concern about a distribution is Bug Fixes and Security Fixes. For CentOS 7, all fixes where identified on CentOS-Announces lists with CESA, CEBA and CEEA which is a good thing in order to identify how a distribution can be broken, vulnerable.
However, I didn't find any announcement for CentOS 8. I tried to investigate about any changes about announcement policies but I didn't find anything reliable.
So I'm asking here what is exactly the status about announcements for CentOS 8 ? Is it a thing who totally disappeared replaced by Red Hat advisories or is it something different ? Or maybe it is just not planned yet ?
Explanations would be very welcomed.
Thanks for your answer
Regards, Olivier Bonhomme
Hi Olivier,
this question got several answers. Since C8 was release updates on announces ML are not available because the tool that provides notification does not work with the new tool that is used to build packages.
Actually I use RHEL advisory, but this require a RH account (not subscription).
I asked some days ago and I got this answer:
Start Quote:
As I understand some kind of mapping must be implemented for indexcode+gitcommitid beetween CentOS and RH ...
https://lists.centos.org/pipermail/centos/2020-August/351263.html
End Quote:
So seems that something boils in the pot. We must only wait.
My 2 Cents
Hi Olivier,
this question got several answers. Since C8 was release updates on announces ML are not available because the tool that provides notification does not work with the new tool that is used to build packages.
Actually I use RHEL advisory, but this require a RH account (not subscription).
I asked some days ago and I got this answer:
Start Quote:
As I understand some kind of mapping must be implemented for indexcode+gitcommitid beetween CentOS and RH ...
https://lists.centos.org/pipermail/centos/2020-August/351263.html
End Quote:
So seems that something boils in the pot. We must only wait.
My 2 Cents
Hello Alessandro,
Thanks for your answer. Actually my question was about more 8-Stream. Sorry. I think my message was not clear.
I knew that for CentOS 8, we have to wait but it was before the transition between 8 and stream.
So I'm now actually worried for the future. I think it's important to have security advisories for a distribution. All the main distributions have a security team and I always found that it was a lack for CentOS even if of course we could use the RedHat advisories.
CentOS Stream is a big change and something very different so I would love to know if advisoires publications will be part of that new project.
Thanks for your answers
Regards, Olivier
On 12/16/20 3:28 PM, Olivier Bonhomme wrote:
Hi Olivier,
this question got several answers. Since C8 was release updates on announces ML are not available because the tool that provides notification does not work with the new tool that is used to build packages.
Actually I use RHEL advisory, but this require a RH account (not subscription).
I asked some days ago and I got this answer:
Start Quote:
As I understand some kind of mapping must be implemented for indexcode+gitcommitid beetween CentOS and RH ...
https://lists.centos.org/pipermail/centos/2020-August/351263.html
End Quote:
So seems that something boils in the pot. We must only wait.
My 2 Cents
Hello Alessandro,
Thanks for your answer. Actually my question was about more 8-Stream. Sorry. I think my message was not clear.
I knew that for CentOS 8, we have to wait but it was before the transition between 8 and stream.
So I'm now actually worried for the future. I think it's important to have security advisories for a distribution. All the main distributions have a security team and I always found that it was a lack for CentOS even if of course we could use the RedHat advisories.
CentOS Stream is a big change and something very different so I would love to know if advisoires publications will be part of that new project.
I doubt very seriously that there will be announcements for security issues. At least I know of no plans to do so for Stream.
-
Alessandro Baggi -
Johnny Hughes -
Olivier Bonhomme