[CentOS-devel] yum-security and CentOS-5 / 6

Thu Aug 16 15:35:07 UTC 2012
Johnny Hughes <johnny at centos.org>

On 08/16/2012 10:04 AM, Les Mikesell wrote:
> On Wed, Aug 8, 2012 at 5:08 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>>>> That's probably what 90% of people will be happy with.
>>
>> interesting. are you saying that most people are not interested in
>> tracking specific CVE's etc ?
> 
> I think I missed the basic premise here.  The specifics only matter
> when you don't have a known fix installed.  Separating things isn't
> the point so much as just getting them in the update stream so normal
> updates install them.   Is this for the special case where normal
> updates are backed up from build issues at a point/version release -
> or to help where people don't want updates to fix bugs unless they are
> security-related?
> 

One point is, for already installed packages you can print out the CVE's
or the Index Number of the update (as one example).  This means you can
fairly easily generate reports to show compliance with some standard
(PCI, etc.)

You can also say to only install Security and not BugFix or Enhancement
updates, etc.

See this page for the capabilities that yum-security can give:

http://linux.die.net/man/8/yum-security


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20120816/bc5f1382/attachment-0007.sig>