Hi to all, Am I wrong or the CentOS AppStream repo is heavily lagging behind the RedHat repos? Some examples here: - the php:7.2 critical security errata published on 2019-11-06 (that's almost 2 weeks ago) [1] [2] is still unavailable in the CentOS AppStream repo leaving systems vulnerable to an already exploited bug [3]; - (this is less critical IMHO) new yum modules published in EL8.1 on on 2019-11-05 (php:7.3 nginx:1.16, ruby:2.6, nodejs:12) are still unavailable in the CentOS AppStream repo; I'm wondering if it's unintended and justified by lack of time and resources or it's a sneaky strategy to let users choose RHEL for running production systems instead of CentOS. I'm really sorry to say that but the issue described here and the lack of a security errata bulletin [4], makes CentOS8 almost unusable on a production environment. Thanks for your attention. Regards Angelo Barney [1] https://access.redhat.com/errata/RHSA-2019:3735 [2] https://nvd.nist.gov/vuln/detail/CVE-2019-11043 [3] https://nextcloud.com/blog/nextcry-or-how-a-hacker-tried-to-exploit-a-nginx-issue-with-2-nextcloud-servers-out-of-300-000-hit-and-no-payout/ [4] https://lists.centos.org/pipermail/centos-devel/2019-November/018053.html -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20191119/c1d21d29/attachment-0005.html>