[CentOS] Re: CentOS Repo Questions (and Samba)

Bit bit2300 at gmail.com
Fri Dec 7 15:32:05 UTC 2007


Akemi Yagi wrote:
>> Since CentOS strives to be a free, binary-identical version of Red Hat,
>> how does this process work?  I imagine it goes something like this...
>>
>> Red Hat releases Red Hat Enterprise Linux AS 4.6 on some date.  I can't
>> seem to find the date on redhat.com, but according to wikipedia, it was
>> 15th of November, 2007.[1]
>>
>> So then once Red Hat releases RHEL AS 4.6, the CentOS team basically
>> downloads the source code/whatever they need, strips out the graphics
>> and other copyrighted material, "CentOS-ifies" it, and then releases it
>> as CentOS 4.6.
>>
>> Is that basically how this process works?
>>
>> So then the answer to my Samba related questions is this:  Red Hat
>> released the security updates that I mentioned as part of Update 6.
>> They didn't release anything for RHEL 4.5.  So naturally, the CentOS
>> team doesn't want to "backport" these updates to CentOS 4.5, they're
>> doing the same thing Red Hat did, releasing the new samba package with
>> the security fixes I mentioned (almost certainly in addition to other
>> fixes) as part of the CentOS Update 6.  And personally, I have to say
>> that makes a lot of sense since the point of CentOS is to be as
>> identical to RHEL as possible.
>>
>> Thanks again for responding, Johnny.  Would you please let me know if I
>> got that right and make any necessary corrections?
>>
>> Thanks,
>> - Bit
>>     
>
> I think you have a clear view on this topic. There is also a related
> thread in the CentOS forum and Johnny's response is comment #14
>
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=11376&forum=42
>
> Akemi
>   
Thanks for your response and the link; that helped a lot.

I think I need to clear up one thing in my post for sake of posterity.

"Red Hat released the security updates [for samba] that I mentioned as 
part of Update 6."

That's not really accurate.  The samba updates were not really *part* of 
Update 6, rather they were simply released *after* RHEL released Update 6.

Red Hat constantly releases security updates.  So while we're on RHEL 
4.5, Red Hat releases security updates and then these updates trickle 
from RHEL 4.5 down into CentOS 4.5 at a pretty quick pace.  But a RHEL 
Update is a big deal; it significantly changes lots of packages.  So 
after RHEL 4.6 is released, it takes the CentOS team a few weeks to 
"CentOS-ify" the Update and get CentOS 4.5 up to version 4.6.  During 
those few weeks, Red Hat is still releasing security updates, but they 
are for RHEL 4.6 and cannot realistically be applied to CentOS 4.5.  So 
we have to wait for CentOS to become 4.6 before it can start receiving 
security updates again.  And THAT'S what causes the short lag in 
security updates in CentOS after a point release.



More information about the CentOS mailing list