On Thu, Jul 30, 2015 at 5:37 AM, Johnny Hughes <johnny at centos.org> wrote: > On 07/29/2015 07:27 PM, Nathan Duehr wrote: > >> > >> On Jul 29, 2015, at 18:20, Nathan Duehr <denverpilot at me.com> wrote: > >> > >>> On Jul 28, 2015, at 18:48, Peter <peter at pajamian.dhs.org> wrote: > >>> > >>> On 07/29/2015 11:51 AM, Noam Bernstein wrote: > >>>> Hi CentOS developers - I’ve been happily using CentOS for several > >>>> years now, so thanks for all the good work. In the last week, > >>>> however, I noticed that while the items in RHSA-2015:1443 has shown > >>>> up as updates (and announced on centos-announce), the analogous > >>>> update for CentOS 6, RHSA-2015:1471 (according to > >>>> https://access.redhat.com/security/cve/CVE-2015-4620), doesn’t seem > >>>> to be there. Is there any reason why those of us using CentOS 6 are > >>>> left behind, and/or any idea when a CentOS 6 bind update will be > >>>> available? > >>> > >>> It's currently in the CentOS CR repository and will be released when > >>> CentOS 6.7 drops soon. If you want it now then just enable cr and > >>> you'll get it with yum update: > >>> http://wiki.centos.org/AdditionalResources/Repositories/CR > >> > >> Why didn’t it just go into CentOS 6.6 like a dozen other packages this > week? > > > > Disregard, I guess for whatever reason when a new dot-release is going > on, things go into CR, but otherwise they go into the dot-release. Or so I > just read in the notes about the current repo state. > > > > Yay, another goofy annoying thing to remember and another thing to go > add to ansible code to deploy and undeploy this goofy CR repo, just to > check machines properly for security updates. > > > > Not that I don’t love ya, volunteers, but I really hate waiting on > security updates while they bounce through CR… that doesn’t make any sense > at all. Bug fixes, sure… security, no. > > > > Of course it makes sense. Those security updates are not released in a > vacuum, and all the things they are built on/against also need to be > released and installed for them to work. > > The source code for the ssecurity updates you are talking about are > built against RHEL-6.7, not 6.6 by Red Hat. They don't necessarily work > on 6.6 without the other updates installed. They also will not > necessarily work correctly if built against 6.6 and then used later on > 6.7. We don't do this because it is fun. In fact, it is exact opposite > of fun, it is quite a PITA. We do it because in order to run the > updates (and have them work correctly), you also have to be running the > rest of 6.7. > > We are providing CR .. SO .. you can get all the updates if you want > them early .. WHILE .. we also test and release 6.7. It is double the > work. > > Because we do CR, CentOS users had access to the 6.7 updates a full 3 > days before anyone else made them available and CR was released less > than 5 days after the release of RHEL 6.7. > > Thanks, > Johnny Hughes > > OK, sorry to bring this up again, but why then is CentOS doing "rolling updates" for CentOS 7 with different version numbers/base builds from RedHat? Based on what you said here, the CentOS 7 strategy doesn't make any sense to me. -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu