On Thu, Feb 24, 2011 at 12:05 PM, Ian Murray <murrayie at yahoo.co.uk> wrote: >>> However, it was my >> > understanding that "Critical" security updates and those that are >> > "remotely exploitable" would be pushed out ahead of 5.6. >> >> That is my understanding, too. However, I see that the only "Critical" >> one on your list is java-1.6.0-sun. This is not included in CentOS... > As far as I understand this is a highly untrivial task and breaks the "binary > compatible" rule. Nevertheless, this was attempted one or two dot releases ago, > I think as an experiment as much as anything. > > I am not sure how the CentOS team thought of that exercise, in hindsight. I > would be interested in knowing. From the explanation that Russ gave, it was a > mighty effort, as far as I remember. Right, it is not an easy task as we see from the past experience. I think Karanbir is trying to come up with the way CentOS can provide critical security updates ahead of the pending major release as we can see in his post [1] to the -devel mailing list: "all updates to the /5/ tree are monitored and anything which has a remote or local exploit will get pushed into the /5/ tree; things in 5.6 and against 5.6 that dont meet that criteria wait for 5.6 release. build order, linking, inheriting upstream testing etc etc to blame." [1] http://lists.centos.org/pipermail/centos-devel/2011-February/006916.html Akemi