[CentOS-devel] Missing security updates

Thu Jul 22 20:26:04 UTC 2010
Charlie Brady <charlieb-centos-devel at budge.apana.org.au>

On Thu, 22 Jul 2010, Jeff Johnson wrote:

> What exactly is "closed" about the process? Sausages from the 
> @redhat.com factory arrive on lthe CentOS oading dock, are examined, 
> tallied, listed, stamped, processed, and re-distributed. The entire 
> process for CentOS release engineering is easily seen, been the same 
> since forever.

Do you have any references for the "examined, tallied, listed, stamped" 
part of these processes? I was unaware that there was any external 
visibility on these internal CentOS processes. There's nothing here, for 


Is the information available elsewhere?

> There's nothing stopping anyone from grabbing the sausages in the 
> "security release", building, installing, testing, and reporting 
> "worksforme" to assist in expediting a "security release".

I'm not sure how that would help. We already know that Red Hat have built 
and presumably tested these packages. If I say that I've built and tested 
them, does that churn them through the CentOS process any quicker? Does  
it add any assurance to the packages *as built by CentOS*?