[CentOS-devel] Security and other updates - too slow

Trevor Hemsley

trevor.hemsley at ntlworld.com
Fri Dec 16 10:49:13 UTC 2016

On 16/12/16 10:37, Karanbir Singh wrote:
> On 15/12/16 23:43, Phil Wyett wrote:
>> Hi,
>> How is the core SIG looking at improving and speeding up (more than one
>> person) builds of updates? As I see it the longer the time between
>> vendor release and CentOS release people know that we are hittable if
>> they have a viable exploit?
>> I ask this as I see that the core SIG is not concentrating on the job at
>> hand and concentrating on the work of their new masters - Red Hats
>> CentOS? Their heads are in the cloud. ;-)
> unsure if this is a troll post or you actually meant to raise tangiable
> concerns ?

I am in complete agreement.

7.3.1611 took 39 days from the upstream release which is 2 weeks longer
than the previous el7 drops.

The latest https://rhn.redhat.com/errata/RHSA-2016-2946.html which is a
critical update for firefox released on the 14th is still not released
for CentOS 7 after 2 days.

It appears the core team have lost focus on what's important. The SIG
stuff should be peripheral. The altarch stuff should be peripheral.
Concentrate on what's important - it's the DISTRO. The rest of it may be
nice to have but the important part is the core of the distro. Anything
else is just distraction.


More information about the CentOS-devel mailing list