[CentOS-devel] re CVE errata in CentOS Stream

Thu Feb 25 18:06:47 UTC 2021
Matthew Miller <mattdm at mattdm.org>

On Thu, Feb 25, 2021 at 11:49:38AM -0500, Nico Kadel-Garcia wrote:
> Or: the version in Stream never got updated and is out-of-date due to
> a compatibility issue with another Stream tested component, and the
> security issue is great enough to release it in RHEL without ever
> making it to Stream. Unless there is a guarantee of some sort that
> Stream will *always* get new releases with or ahead of the production
> RHEL, there are very likely to be missed updates in Stream. I've run

This scenario doesn't make any sense to me. The next RHEL minor release will
come from Stream, and that will definitely need the fix too, so there's not
room for a long-standing divergence like this.

Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader