On 04.08.21 14:00, Josh Boyer wrote: > On Wed, Aug 4, 2021 at 6:14 AM Leon Fauster via CentOS-devel > <centos-devel at centos.org> wrote: >> <snip> >> >> Here my context: I am comparing two nodes >> based on CS8 (Centos 8 Stream ). One have >> >> freetype-2.9.1-5.el8.x86_64 >> and the other have >> freetype-2.9.1-4.el8_3.1.x86_64 > > At one point in time during RHEL 8.4 development, freetype-2.9.1-5.el8 > was set to be shipped. However, it only fixed a CVE and that CVE was > already fixed by the freetype-2.9.1-4.el8_3.1 that as shipped as part > of a batch update. There was no reason to ship a build that didn't do > anything, so it was dropped on the RHEL side. > > My educated guess is that Stream 8 picked up the -5.el8 build during > the course of RHEL 8.4 development as expected, and then when it was > dropped on the RHEL side it used the -4.el8_3.1 update because that is > indeed the latest available even today. > > This is one of the unintended consequences of how Stream 8 is produced. Thanks for the explanation. I did not though that such activity would come so much to the front and produce a installable artifact. But it looks like that such dropped rpms do not have a serious impact (at least this one). >> The mirror >> http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/ >> shows freetype-2.9.1-4.el8_3.1.x86_64 has the latest. >> >> I wonder where this version 2.9.1-5 is coming from? The node was >> regularly installed with C8 and then swapped to CS8 ... >> <snip> >> >> >> I see it here >> >> https://koji.mbox.centos.org/koji/packageinfo?packageID=408 >> >> but not on the mirrors ... >> >> A retired package? > > Not retired, just a build that will never be shipped at this point. I will incorporate this insight into our plausibility checks ... Thanks. -- Leon