On Mon, 2007-05-07 at 15:34 -0700, Scott Silva wrote: > Akemi Yagi spake the following on 5/7/2007 3:17 PM: > > On 5/7/07, Johnny Hughes > > <mailing-lists at hughesjr.com> wrote: > >> On Mon, 2007-05-07 at 12:57 -0700, Akemi Yagi wrote: > >> > CentOS developers, > >> > > >> > Could someone take a look at this? It was posted on the CentOS Forum > >> > by bdaniels. Apparently this security update came out on May 1, but > >> > not all versions have been made available for CentOS. > >> > > >> > Akemi > >> > > >> > === Forum posting by bdaniels === > >> > > >> > Well, the announce list has been posting them: > >> > > >> > [CentOS-announce] CESA-2007:0257 Low CentOS 4 s390(x) openssh - > >> security update > >> > 05/04/2007 06:44 PM > >> > > >> > CentOS Errata and Security Advisory 2007:0257 > >> > > >> > https://rhn.redhat.com/errata/RHSA-2007-0257.html > >> > > >> > > >> > But only for the s390 and ia64 architectures. The i386/ia32 ones are > >> missing. > >> > _______________________________________________ > >> > >> That would be because they are part of the 4.5 respin ... > >> > >> In the past, if we have released only parts of the respin, we have had > >> errors because some of the packages are compiled on the new glibc/gcc. > > > > OK...BUT, as bdaniels noted, the above update is already out for > > CentOS ia64 (May 2) and s390 (May 4)... > > > > Akemi > Those arch's probably aren't scheduled for a respin right away. IA64 and s390 > are probably in the single digit percentage of installs, and those respins can > probably be put off for an extra week or two without serious complaints. But > the ssh patches probably shouldn't wait that long. That is correct ... as we have different developers/release managers doing different things for different arches. And I might analyze for releasing the openssh stuff separately, if there is a long term reason that we can't get the i386/x86_64 respins out. The problem goes like this: (as an example) Kernel is a security release, so I want to push it before we do the respin. Kernel boots with the old kudzu and mkinitrd, but does not work correctly ... so I need to release those too. The mkinitrd requires that I need to release the new kernel-utils and module-init-tools. Pretty soon, I need to release the whole respin to release the kernel. Since the thing in question is the openssh ... lets see how long RH waited from build time to release: ===================================================== From RHN: openssh-3.9p1-8.RHEL4.20.i386.rpm Build Date: 2006-11-10 16:14:48 Release Date: 2007-05-01 ===================================================== So if RH can wait almost 7 months to get this package through QA and release, surely we can QA the entire respin for 2 weeks :-P. As I said, dumping only part of the respin out can be done, however, I just did not like the results that we had and bugs it created the couple times we did it that way for i386/x86_64 ... it is just safer to release it as a group (just like upstream did). However, if another developer wants to do the other approach, and if they have analyzed for it, that is also absolutely a valid approach. Nothing wrong with either way, but I want i386/x86_64 to go though QA first. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20070508/128c39a3/attachment-0007.sig>