[CentOS] OpenSSL Update - not a security update???

Thu Mar 3 20:58:56 UTC 2016
Mark Milhollan <mlm at pixelgate.net>

On Wed, 2 Mar 2016, Johnny Hughes wrote:
>On 03/02/2016 10:42 AM, Mark Milhollan wrote:

>>I wish --security was functional 

>>I hope that the lack is not due to 
>>the assumed use resulting in it being ignored.
>
>That is not the reason, 

>We do not have enough space on donated mirrors 

Surely the data could be tailored to provide only that which applies to 
the current set of RPMs.  Do we know that yum will fail if RPMs are 
cited in the file but which are not available for install?

>the data required for the xml file is not redistributable.

That does sound like it is being ignored, because you know you can't do 
it.

As things stand.

(I think you should put all this in an/the FAQ then point people to it, 
instead of sending large swaths of the same words yet again, which must 
surely be frustrating.)

But the project could lobby Red Hat for access to the file, whether for 
just CentOS (RH has done things just for CentOS before) or for the wider 
community of rebuilders.  I can't know if this has been attempted, but 
it has not been mentioned as having been asked.

Can I help lobby for such access?  I bet that would only be possible 
after CentOS has started such a petition, since non-RHEL users cannot 
submit feature requests.  But the CentOS project isn't quite in the same 
boat as its users, so you might be able to open such a ticket and if it 
were public others could jump in with their support.  Or would a SIG be 
the right avenue?

Would Red Hat pay any attention to 3rd party lobbying sites?  At least I 
think I remember such existing, though I cannot at the moment recall any 
names.


/mark