[CentOS-devel] Balancing the needs around the CentOS platform

Mon Dec 21 05:20:46 UTC 2020
Gordon Messmer <gordon.messmer at gmail.com>

On 12/20/20 4:54 PM, Nico Kadel-Garcia wrote:
> On Sun, Dec 20, 2020 at 6:34 PM Gordon Messmer <gordon.messmer at gmail.com> wrote:
>> On 12/19/20 8:27 PM, Nico Kadel-Garcia wrote:
>>> On Sat, Dec 19, 2020 at 12:29 PM Matthew Miller <mattdm at mattdm.org> wrote:
>>>> It's important to note that the CentOS Linux rebuild never actually had
>>>> this. RHEL minor releases are actually branches, and you can stay at a minor
>>>> release and still get security updates.
>>> Are you saying the
>>> CentOS point releases do *not* match as closely as possible the
>>> corresponding RHEL point release?
>> No, no one is saying that.  Matthew said that you can stay at a minor
>> release of RHEL and still get security updates.  CentOS does not offer that.
> If I may say, I didn't see him say that.

I had quoted it above.

> If you call Red Hat about
> current CVEs, the updates are in the main update channels.

Yes, they're in the main update channels, but they'll *also* be in 
update channels for RHEL minor releases that are still supported.  There 
are no such channels for CentOS minor releases that aren't the most 
recent release.

>> In RHEL, a minor release is a branch.  You can install RHEL 7.8, and
>> keep a host on RHEL 7.8 until the end of its life cycle.  If you want
>> long term support for an OS with minimal changes, but continued support,
>> that's a thing that RHEL provides.
> And for CentOS, you point them to the vault archives of the old OS for
> installation media, and apply the updates as needed from the main
> channel.

That's often true, but not necessarily so, because of the problem that 
Mark described in his email yesterday: "If I build something for EL 8.2, 
it will *probably* work in EL 8.3. However, if I build something in EL 
8.3, there is no guarantee it will work in EL 8.2."

Linux ABIs aren't forward compatible.  Updates prepared for the current 
release may or may not actually work when applied to an older release.

You cannot, therefore, reliably keep a CentOS system on a non-current 
minor release and still get security or bug fixes.