> No, it's not really for security reasons. It's for performance (or > efficiency). Doing the "yum -y update" in the %post adds > considerable time to the total install. I'm working on creating a > CentOS VM to be used here at work, and while I'm still in the testing > phase, I'd like to reduce the turnaround time. Also, I think I can > reduce the VM footprint if I install the final version of all the > RPMS initially, instead of installing 4.4 first and then all the > updates. Without re-rolling the install tree, there isn't much way to accomplish building the updates into the installer. You would have to do the install via %post, though with a local repository this shouldn't be overly long. The alternative (which is much more work) would be to check out the /build directory on the mirrors and consider building new install media with the updates rolled in. Personally this isn't really worth the effort to me. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell