[CentOS] why no recent bind update for CentOS 6?

Thu Jul 30 09:37:30 UTC 2015
Johnny Hughes <johnny at centos.org>

On 07/29/2015 07:27 PM, Nathan Duehr wrote:
>>
>> On Jul 29, 2015, at 18:20, Nathan Duehr <denverpilot at me.com> wrote:
>>
>>> On Jul 28, 2015, at 18:48, Peter <peter at pajamian.dhs.org> wrote:
>>>
>>> On 07/29/2015 11:51 AM, Noam Bernstein wrote:
>>>> Hi CentOS developers - I’ve been happily using CentOS for several
>>>> years now, so thanks for all the good work.  In the last week,
>>>> however, I noticed that while the items in RHSA-2015:1443 have shown
>>>> up as updates (and announced on centos-announce), the analogous
>>>> update for CentOS 6, RHSA-2015:1471 (according to
>>>> https://access.redhat.com/security/cve/CVE-2015-4620), doesn’t seem
>>>> to be there.  Is there any reason why those of us using CentOS 6 are
>>>> left behind, and/or any idea when a CentOS 6 bind update will be
>>>> available?
>>>
>>> It's currently in the CentOS CR repository and will be released when
>>> CentOS 6.7 drops soon.  If you want it now then just enable cr and
>>> you'll get it with yum update:
>>> http://wiki.centos.org/AdditionalResources/Repositories/CR
>>
>> Why didn’t it just go into CentOS 6.6 like a dozen other packages this week?
> 
> Disregard, I guess for whatever reason when a new dot-release is going on, things go into CR, but otherwise they go into the dot-release.  Or so I just read in the notes about the current repo state.
> 
> Yay, another goofy annoying thing to remember and another thing to go add to ansible code to deploy and undeploy this goofy CR repo, just to check machines properly for security updates. 
> 
> Not that I don’t love ya, volunteers, but I really hate waiting on security updates while they bounce through CR… that doesn’t make any sense at all.  Bug fixes, sure… security, no.
> 

Of course it makes sense.  Those security updates are not released in a
vacuum, and all the things they are built on/against also need to be
released and installed for them to work.

The source code for the security updates you are talking about is
built against RHEL-6.7, not 6.6 by Red Hat.  They don't necessarily work
on 6.6 without the other updates installed.  They also will not
necessarily work correctly if built against 6.6 and then used later on
6.7.  We don't do this because it is fun.  In fact, it is the exact opposite
of fun, it is quite a PITA.  We do it because in order to run the
updates (and have them work correctly), you also have to be running the
rest of 6.7.

We are providing CR .. SO .. you can get all the updates if you want
them early .. WHILE .. we also test and release 6.7.  It is double the
work.

Because we do CR, CentOS users had access to the 6.7 updates a full 3
days before anyone else made them available and CR was released less
than 5 days after the release of RHEL 6.7.

Thanks,
Johnny Hughes
