[CentOS-devel] CentOS Stream 9 security patches: Where is polkit?

Wed Feb 2 21:27:40 UTC 2022
Steven Rosenberg <passthejoe at gmail.com>

On Tue, Feb 1, 2022 at 3:12 PM Josh Boyer <jwboyer at redhat.com> wrote:

> CentOS Stream addresses CVE fix policy in the FAQ.  That policy will
> not change with the release of RHEL 9.
I had to look this up.

>From https://centos.org/distro-faq/:
Q4: How will CVEs be handled in CentOS Stream?

*A:* Security issues will be updated in CentOS Stream after they are solved
in the current RHEL release. Obviously, embargoed security releases can not
be publicly released until after the embargo is lifted. While there will
not be any SLA for timing, Red Hat Engineers will be building and testing
other packages against these releases. If they do not roll in the updates,
the other software they build could be impacted and therefore need to be
redone. There is therefore a vested interest for them to get these updates
in so as not to impact their other builds and there should be no issues
getting security updates.
Q5: Does this mean that CentOS Stream is the RHEL BETA test platform now?

*A:* No. CentOS Stream will be getting fixes and features ahead of RHEL.
Generally speaking we expect CentOS Stream to have fewer bugs and more
runtime features as it moves forward in time but always giving direct
indication of what is going into a RHEL release

I don't have my eye on RHEL 9 at this point, so I can't say how that distro
handled the polkit update.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20220202/a3f09235/attachment.html>