Ned Slider wrote: > I think the point is that there must be something very wrong/broken if > a) security updates are missing for over a month, and b) people don't > even like to ask for fear of offending someone, and c) no one really > talks about it. > > One of the projects stated goals has always been to release updates > within 72 hours, and often within 24 hours from upstream release. This > isn't about missing that target by a day or two, but rather that > security updates are completely missed altogether until someone notices > and says something at which point they normally appear 24 hours later. > It looks more like the process is broken to me, but as we have no idea > what the process actually is it's impossible to tell. Yes I agree, it seems that CentOS has been resource constrained for some time now, I'm not certain what the constraint is but myself I try not to complain since it is a volunteer effort. I've gotten the impression that there seems to be only a few(perhaps 4 or less) people working on the actual packaging stuff, and they probably don't get paid to make it a full time job, I'm sure it's not easy work. It'd be nice of some of the bigger companies that benefit from CentOS would contribute more, as of a few years ago at least F5 Networks used CentOS code on their load balancers[CentOS 3.x, very stripped down](prices ranging from $15k-500k), I don't think they have switched distributions since. The NAS cluster we have here comes from a company called Exanet(list price over $100k), and it runs on CentOS 4.4. I'm sure there are several others.. Hopefully they can get the support they need to beef up things like security updates and stuff, it seems things have been going downhill for a while now. nate