[CentOS-devel] Update announcements

Tue Aug 21 20:37:39 UTC 2012
Johnny Hughes <johnny at centos.org>

On 08/21/2012 10:29 AM, Andreas Rogge wrote:
> Am 20.08.2012 17:20, schrieb Johnny Hughes:
>> The issue is, I have no way to have an index number.  I can't use the
>> next one or it will step on the next upstream update.  We are figuring
>> out how we can do this and still make it work with our upcoming
>> yum-security release too.
> Yep. That was one of my points.
>> This is something that we do very infrequently, but now that we are also
>> going to do yum-security, it is something we need to do correctly.
> That's what I brought it up.
> And while you're at it: we need a fix for the centosplus and extras 
> repositories. There are security related releases done there, too.
>> I would point out that Red Hat only announces security updates on their
>> list, not BA's or EA's, and no one seems to have a problem with that :)
> For Red Hat the announce-list is a second information distribution 
> channel. Primary info is in the customer portal.
> For CentOS the announce-list is the one and only information channel and 
> people believe it to contain all information.

I would point out that yum-security is not easy ... to the best of my
knowledge, Scientific Linux does not do it, Oracle does not do it, EPEL
does not do it, etc.  All of those places also do security updates.

We want to do it, however, it is not easy ... if it was, everyone would
be doing it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20120821/2acd5193/attachment-0005.sig>