Am 27.03.15 um 20:30 schrieb Mark Haney: .... > > But to give an example, we run several Ubuntu 14.04 LTS virtual machines > and I've have a dozen or so security related updates that I've not seen for > CentOS, like openssl (which I do have installed on it) and gnutls. I know > package names don't always match up, but these are recent known > vulnerabilities and I don't like the feeling I'm not securing my systems > properly. > > Does that makes sense? yes it does - take a look at the centos announce mailinglist and see that the last update for centos 7 was pushed out on feb 25 you might want to have a look at the archives... http://lists.centos.org/pipermail/centos-announce/ or the announcement regarding the CR repo: http://lists.centos.org/pipermail/centos-announce/2015-March/020980.html