[CentOS] "yum --security" and staying with 5.0

Amos Shapira

amos.shapira at gmail.com
Tue Dec 11 22:40:43 UTC 2007


Hello,

So I've watched a few threads about the new 5.0 vs. 5.1 upgrade and
have a couple of (hopefully) practical questions about this:

Context - I'd like to stick to 5.0 at least for a while until the dust
around 5.1 settles down (and I'm back from holidays).
As an example - In Debian, as long as I stick to "stable" I can be
sure that the only updates I receive there are for heavily tested very
important bugs and security issues, so I should generally apply them.

1. If I read the FAQ correctly, in order to force yum to stay with 5.0
should I just manually edit /etc/redhat-release from:

CentOS release 5 (Final)

to:

CentOS release 5.0 (Final)

(i.e. add ".0" to the version)? If not then what should I do?

2. I am hoping that yum-security will allow me to stick to the latest
security updates for 5.0 without forcing me to upgrade to 5.1 until
the dust settles down. Am I correct that this is possible with
yum-security and the repositories provided by CentOS? Will "yum update
--security" update packages with later versions only if those versions
fix security issues? Are security updates maintained for 5.0? Here is
what I get right now on one of my systems (without doing the change I
asked about in (1)):

# yum --security list updates
Loading "security" plugin
Loading "installonlyn" plugin
Setting up repositories
base                      100% |=========================| 1.1 kB    00:00
updates                   100% |=========================|  951 B    00:00
addons                    100% |=========================|  951 B    00:00
extras                    100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
Limiting package lists to security relevant ones
No packages needed, for security, 196 available

If I drop the "--security" flag I indeed get a list of196 packages to upgrade.

So to clarify my question - is my system secure (in terms of package
versions) by sticking to "yum update --security"?

Thanks,

--Amos



More information about the CentOS mailing list