> -----Original Message----- > From: CentOS-devel <centos-devel-bounces at centos.org> On Behalf Of > Leon Fauster via CentOS-devel > Sent: Wednesday, 7 October 2020 23:41 > To: centos-devel at centos.org > Subject: Re: [CentOS-devel] Module version differences between RHEL8 and > Centos8? > > > Am 07.10.20 um 16:46 schrieb Antal Nemeš: > > > > > >> -----Original Message----- > >> From: CentOS-devel <centos-devel-bounces at centos.org> On Behalf Of > >> Leon Fauster via CentOS-devel > >> Sent: Wednesday, 7 October 2020 12:31 > >> To: centos-devel at centos.org > >> Subject: Re: [CentOS-devel] Module version differences between RHEL8 > >> and Centos8? > >> > > <snip> > > > >> Cherry picking only sec updates is not supported by this distribution. > >> It results in a combination of installed packages that is not tested. > >> IIRC every RHSA has a statement that all (latest) packages must be > >> applied to be "secure". In this case it is not worth the effort to > >> map hashes but other objectives like reportable compliance will require > such metadata. > > > > I have not observed such statements in RHSA, at least not for RHEL8. Do > you have a reference I can look at? > > RHEL8 docs clearly make a provision for it: > > https://access.redhat.com/documentation/en- > us/red_hat_enterprise_linux > > /8/html/managing_and_monitoring_security_updates/installing-security-u > > pdates_managing-and-monitoring-security-updates > > > As I said (IIRC) - I remember that the mentioned sentence where > everywhere placed: Like here > > https://access.redhat.com/errata/RHBA-2020:3264 > > but it seems not to be on every errata anymore ... Thanks for the reference. I see this note consistently on RHBA, but I have so far not seen it on any RHSA. > -- > Leon > > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > https://lists.centos.org/mailman/listinfo/centos-devel