[CentOS-devel] Security and other updates - too slow
Lamar Owen
lowen at pari.edu
Fri Dec 16 18:30:53 UTC 2016
On 12/15/2016 06:43 PM, Phil Wyett wrote:
> How is the core SIG looking at improving and speeding up (more than one
> person) builds of updates? As I see it the longer the time between
> vendor release and CentOS release people know that we are hittable if
> they have a viable exploit?
I'm trying to not come across too harshly, but if you need a guaranteed
speed of update, then you need to purchase an RHEL subscription.
The same source that is being rebuilt for CentOS is publicly available,
and there is nothing preventing you from rebuilding it at the speed you
need.
From my point of view I'm happy just getting the updates at any time,
even if there is a delay in release. If I want better speed of updates,
I buy RHEL subscriptions (and I do have one personally for a critical
machine). Or I rebuild from the same sources that CentOS uses, although
I have found that the CentOS developers almost always beat me to getting
packages built, even when I do try to do the rebuild myself. (As Johnny
alluded to, it's not just 'take this group of sources and build in any
arbitrary order' and the so-called point releases can be much more
difficult than ordinary updates due to build order puzzles.)
The CentOS developers have, in my opinion, done a fantastic job of
turning out timely updates since 6.0/5.6/4.9 days, and I am personally
and professionally grateful for the time spent, at no cost to me, for
this to happen.
More information about the CentOS-devel
mailing list