[CentOS] CentOS rpm versioning

Mon Mar 16 16:46:34 UTC 2020
koka miptpatriot <miptpatriot at gmail.com>

So there is no way to automatically compare RHEL and CentOS rpms.

Why CentOS can't user versions like
"10.3.17-1.module+el8.1.0+3974+90eded8-cento+257+48736ea"?
They would be both consistent with rhel and have all needed hashes.

пн, 16 мар. 2020 г. в 17:37, Stephen John Smoogen <smooge at gmail.com>:

> On Mon, 16 Mar 2020 at 12:17, koka miptpatriot <miptpatriot at gmail.com>
> wrote:
>
> > Hello
> >
> > Clair vulnerability scanner considers the latest version of CentOS
> mariadb
> > vulnerable, because of RHSA-2019:3708
> > It states, that mariadb must be updated at least to the version
> > "10.3.17-1.module+el8.1.0+3974+90eded84". CentOS' last version is
> > "10.3.17-1.module_el8.1.0+257+48736ea6". Rpm/yum considers CentOS'
> version
> > older, than RHEL's.
> >
> > % rpmdev-vercmp 3:10.3.17-1.module_el8.1.0+257+48736ea6
> 3:10.3.17-1.module+
> > el8.1.0+3974+90eded84
> > 3:10.3.17-1.module_el8.1.0+257+48736ea6 <
> 3:10.3.17-1.module+el8.1.0+3974+
> > 90eded84
> >
> > That's why Clair considers it's vulnerable. Is there any way to fix it?
> >
> >
> The issue is that you can not get equivalent versions of CentOS modules to
> Red Hat modules because the MBS versioning system uses some sort of hash to
> separate builds apart. You also can not compare CentOS to Red Hat
> Enterprise Linux packages using rpmdev-vercmp but have to do your own
> auditing to see if they are equivalent.
>
>
>
> > --
> > skype: miptpatriot
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> --
> Stephen J Smoogen.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
skype: miptpatriot