[CentOS-devel] I want to help

Tue Mar 29 10:21:06 UTC 2011
Marian Marinov <mm at yuhu.biz>

I'm sorry, its a follow up from this story: 
  http://lwn.net/Articles/429364/

Here is the first part of the article( the one that made me ask if I can help):

There are rumors suggesting that the CentOS 5.6 release is imminent - though 
that is something we have heard before. This release will certainly be welcome 
to numerous CentOS users, but there can be no doubt that its tardiness - and, 
in particular, the absence of CentOS 5 security updates caused by its delay - 
has been a bit of a wakeup call for those users. If this much-used 
distribution is to remain viable into the future, some important changes will 
need to be made and those who depend on it will have to step up their support.

There will be no shortage of CentOS users who would like to get their hands on 
the improvements and added hardware support to be found in the RHEL 5.6 and 
6.0 releases. But the real problem is not delayed gratification; it is that 
there have been no CentOS 5 security updates since January 6, and only one 
since December 14, 2010. During this time, RHEL 5, on which CentOS 5 is based, 
has seen updates for dbus, exim, firefox (twice), gcc, hplip, java-openjdk, 
kernel (thrice), krb5, libtiff, libuser, mailman, openldap, pango, php, 
postgresql, python, samba, subversion (twice), tomcat5, vsftpd, and wireshark 
(twice). Since these updates are based on the 5.6 release, CentOS cannot 
easily pass them on to its users until they, too, have a 5.6 base. Since that 
base has been slow in coming, all those security updates have been blocked.

Some of these vulnerabilities are more severe than others, but there can be no 
contesting the fact that every CentOS 5 system out there is currently running 
with a significant set of known holes. That is not the sort of solidity and 
support that CentOS users will have been hoping for. Many of those users will, 
by now, be wondering whether CentOS is the right distribution to base their 
systems on. 



On Tuesday 29 March 2011 13:03:55 John R. Dennison wrote:
> On Tue, Mar 29, 2011 at 12:50:51PM +0300, Marian Marinov wrote:
> > Just today I read in LWN( https://lwn.net/Articles/435744/ ) about the
> > problems with CentOS.
> 
> 	Posting restricted content links that are available to paying
> 	subscribers only is, shall we say, useless in the general case.
> 
> 
> 
> 
> 							John

-- 
Best regards,
Marian Marinov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20110329/e00f26c9/attachment-0007.sig>