[CentOS-devel] Security and other updates - too slow

Fri Dec 16 18:31:13 UTC 2016
Phil Wyett <philwyett.hemisphere at gmail.com>

On Fri, 2016-12-16 at 10:49 +0000, Trevor Hemsley wrote:
> On 16/12/16 10:37, Karanbir Singh wrote:
> > On 15/12/16 23:43, Phil Wyett wrote:
> >> Hi,
> >>
> >> How is the core SIG looking at improving and speeding up (more than one
> >> person) builds of updates? As I see it the longer the time between
> >> vendor release and CentOS release people know that we are hittable if
> >> they have a viable exploit?
> >>
> >> I ask this as I see that the core SIG is not concentrating on the job at
> >> hand and concentrating on the work of their new masters - Red Hats
> >> CentOS? Their heads are in the cloud. ;-)
> > unsure if this is a troll post or you actually meant to raise tangiable
> > concerns ?
> >
> >
> 
> I am in complete agreement.
> 
> 7.3.1611 took 39 days from the upstream release which is 2 weeks longer
> than the previous el7 drops.
> 
> The latest https://rhn.redhat.com/errata/RHSA-2016-2946.html which is a
> critical update for firefox released on the 14th is still not released
> for CentOS 7 after 2 days.
> 
> It appears the core team have lost focus on what's important. The SIG
> stuff should be peripheral. The altarch stuff should be peripheral.
> Concentrate on what's important - it's the DISTRO. The rest of it may be
> nice to have but the important part is the core of the distro. Anything
> else is just distraction.
> 
> Trevor

Total agreement.

Regards

Phil


-- 

Google+: https://plus.google.com/+PhilWyett
Blog: https://philwyett-hemi.blogspot.co.uk/
GitLab: https://gitlab.com/philwyett_hemi/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20161216/d50cce5b/attachment-0008.sig>