[CentOS-devel] Security and other updates - too slow

Fri Dec 16 10:49:13 UTC 2016
Trevor Hemsley <trevor.hemsley at ntlworld.com>

On 16/12/16 10:37, Karanbir Singh wrote:
> On 15/12/16 23:43, Phil Wyett wrote:
>> Hi,
>>
>> How is the core SIG looking at improving and speeding up (more than one
>> person) builds of updates? As I see it the longer the time between
>> vendor release and CentOS release people know that we are hittable if
>> they have a viable exploit?
>>
>> I ask this as I see that the core SIG is not concentrating on the job at
>> hand and concentrating on the work of their new masters - Red Hat's
>> CentOS? Their heads are in the cloud. ;-)
> unsure if this is a troll post or you actually meant to raise tangible
> concerns?
>
>

I am in complete agreement.

7.3.1611 took 39 days from the upstream release which is 2 weeks longer
than the previous el7 drops.

The latest https://rhn.redhat.com/errata/RHSA-2016-2946.html which is a
critical update for firefox released on the 14th is still not released
for CentOS 7 after 2 days.

It appears the core team have lost focus on what's important. The SIG
stuff should be peripheral. The altarch stuff should be peripheral.
Concentrate on what's important - it's the DISTRO. The rest of it may be
nice to have but the important part is the core of the distro. Anything
else is just distraction.

Trevor