On Tue, Feb 1, 2022 at 3:12 PM Josh Boyer <jwboyer at redhat.com> wrote: > > CentOS Stream addresses CVE fix policy in the FAQ. That policy will > not change with the release of RHEL 9. > > I had to look this up. >From https://centos.org/distro-faq/: Q4: How will CVEs be handled in CentOS Stream? *A:* Security issues will be updated in CentOS Stream after they are solved in the current RHEL release. Obviously, embargoed security releases can not be publicly released until after the embargo is lifted. While there will not be any SLA for timing, Red Hat Engineers will be building and testing other packages against these releases. If they do not roll in the updates, the other software they build could be impacted and therefore need to be redone. There is therefore a vested interest for them to get these updates in so as not to impact their other builds and there should be no issues getting security updates. Q5: Does this mean that CentOS Stream is the RHEL BETA test platform now? *A:* No. CentOS Stream will be getting fixes and features ahead of RHEL. Generally speaking we expect CentOS Stream to have fewer bugs and more runtime features as it moves forward in time but always giving direct indication of what is going into a RHEL release --------------------------------------------------- I don't have my eye on RHEL 9 at this point, so I can't say how that distro handled the polkit update. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20220202/a3f09235/attachment.html>