Am 30.07.2015 um 12:53 schrieb Johnny Hughes <johnny at centos.org>: > On 07/30/2015 04:37 AM, Johnny Hughes wrote: >> >> Because we do CR, CentOS users had access to the 6.7 updates a full 3 >> days before anyone else made them available and CR was released less >> than 5 days after the release of RHEL 6.7. >> > > For those interested, here is a bit longer explanation: Thanks to take the time for this explicit explanation. In particular because this "missing piece" resurfaces the same discussions. A candidate for the wiki (if not already there). > ... > That is why I can't just cherry pick a bind update or a libuser update > built on the CentOS-6.7 package set and release it in 6.6 or 6.5 or 6.4 > .. it may or may not work and it may or may not be secure in that > environment. Is it a good idea to reflect this consequently via %{dist} (e.g el5_11 el6_7)?? This should not conflict with upstreams package versioning. Despite that some packages stay on the same version while the distribution is moving forward. But it shows the relation like acme.1.el6_4.3 is for 6.4 or higher. Not sure if upstream is using it in that conceptual manner: Following upstream listing shows some ambiguous %{dist} tags, thought. httpd-2.2.15-5.el6.src.rpm httpd-2.2.15-9.el6.src.rpm httpd-2.2.15-9.el6_1.2.src.rpm httpd-2.2.15-9.el6_1.3.src.rpm httpd-2.2.15-15.el6.src.rpm httpd-2.2.15-15.el6_2.1.src.rpm httpd-2.2.15-26.el6.src.rpm httpd-2.2.15-28.el6_4.src.rpm httpd-2.2.15-29.el6_4.src.rpm httpd-2.2.15-30.el6_5.src.rpm httpd-2.2.15-31.el6_5.src.rpm httpd-2.2.15-39.el6.src.rpm httpd-2.2.15-45.el6.src.rpm -- LF