The release announcement for CentOS-6.0 posted on CentOS-announce on Sun Jul 10 mentioned that:
Since upstream has a 6.1 version already released, we will be using a Continuous Release repository for 6.0 to bring all 6.1 and post 6.1 security updates to all 6.0 users, till such time as CentOS-6.1 is released itself. There will be more details about this posted within the next 48 hours.
I have not noticed anything said about this since, and I can't find any security updates.
Firefox, for instance, is at 3.6.9. This is about a year old with many known security problems, so it really shouldn't be used. CentOS 5 and RHEL 6 have 3.6.18.
Are there still no security updates available for CentOS 6, or have I just managed to completely miss how to access them?
On 07/26/2011 10:08 AM, Lintula wrote:
> Are there still no security updates available for CentOS 6, or have I just managed to completely miss how to access them?
If you run a yum update, you will see that all 6.0 updates (except, yes, firefox and xulrunner) are all in place. The 6.1/ stuff should be coming through soon. There are a couple of rpms that are not doing the right thing and we should have those resolved in a day or so.
- KB
Today is September 3, 2011. There have not been _any_ CentOS 6 security updates for a month (during August). And at the moment, the usage of CentOS 6 as a server platform is an irresponsible risk (just for example - there is an uncovered httpd DoS, the same goes for Samba, etc.). And more and more people are starting to realize that there is practically no (security) support in CentOS 6. Just look at centos-announce@centos.org - the only supported version of CentOS now is ... 4, which is almost at its "end of life"!!! How is it possible? How can I advise people to use CentOS in their business and make donations? Maybe I should ask them to pray for updates or so?
Do you realise how critical the situation is now? Maybe you should think about what the word "Enterprise" means. Or maybe you should think about how to get back the lost confidence, because too many people now think that CentOS is no longer an enterprise distribution, not at all!
2 things to keep in mind... 1) the httpd dos vuln does not even have a Red Hat patch yet, only a work around. 2) the people who work on CentOS are VOLUNTEERS. They do not get paid which is a large part of why CentOS is free.
If you need up to the minute updates, maybe you should be using RHEL.
John
On Sat, 3 Sep 2011, John Kennedy wrote:
> 2 things to keep in mind...
> 1) the httpd dos vuln does not even have a Red Hat patch yet, only a work around.
Actually, no, it is available; CR repository has it for C5. But that aside...
> 2) the people who work on CentOS are VOLUNTEERS. They do not get paid which is a large part of why CentOS is free.
> If you need up to the minute updates, maybe you should be using RHEL.
Exactly, exactly, exactly. Redhat released a ton of stuff after a three year period of relative slowness. And as has been mentioned, security updates for 6 are being worked on this weekend.
Gilbert Sebenste (My opinions only!)
On 03/09/2011 20:15, John Kennedy wrote:
> 2 things to keep in mind...
> 1) the httpd dos vuln does not even have a Red Hat patch yet, only a work around.
> 2) the people who work on CentOS are VOLUNTEERS. They do not get paid which is a large part of why CentOS is free.
> If you need up to the minute updates, maybe you should be using RHEL.
Hello,
Or use Scientific Linux, Debian .. A better way if you care about security.
Regards,
js.
On 3 September 2011 16:00, Vesselin Kolev vlk@lcpe.uni-sofia.bg wrote:
> Do you realise how critical the situation is now? Maybe you should think about what the word "Enterprise" means. Or maybe you should think about how to get back the lost confidence, because too many people now think that CentOS is no longer an enterprise distribution, not at all!
/me thinks you should quit whining about a volunteer driven project, and get your chequebook out and purchase a subscription from the upstream vendor if timely patches are of importance to you.
On Fri, Sep 09, 2011 at 08:11:57PM +0100, Christopher J. Buckley wrote:
> /me thinks you should quit whining about a volunteer driven project, and get your chequebook out and purchase a subscription from the upstream vendor if timely patches are of importance to you.
Whining about when 6 was going to drop was one thing; installing 6 once it did drop and not having a security update since July is quite another entirely and people are well within their rights to question the lack of such updates. SLA or no SLA there is an obligation to the masses that use the product which is not being met.
There has been talk of the 6/CR repo but that has not yet manifested itself that I can see other than a non-populated hierarchy on the mirrors that one can only hope indicates that the release of 6/CR is imminent.
Note that this reply is not designed to stir up a bunch of list trolls and this thread degenerating into a pissing contest isn't going to help anyone.
John