[CentOS] It's been six days since CVD-2021-33909 was patched in RHEL, what's the holdup for Stream 8?

Thu Jul 29 03:18:30 UTC 2021
Carl George <carl at redhat.com>

kernel-4.18.0-326.el8 is being pushed to the mirrors now.

On Wed, Jul 28, 2021 at 2:42 PM Brian Stinson <bstinson at redhat.com> wrote:
> Carl summarized really well how code moves through RHEL and CentOS
> Stream, and we’re working on making sure we publish a build that has
> made it through the usual set of RHEL tests. -326 is a possible
> candidate here.
> Think about CentOS Stream as the development location for the next-minor
> release of RHEL.  I’d like to highlight some of the general points
> related to this discussion:
> - There are certain classes of CVE that we handle differently from
> normal development work:
> https://centos.org/distro-faq/#q4-how-will-cves-be-handled-in-centos-stream
> <https://centos.org/distro-faq/#q4-how-will-cves-be-handled-in-centos-stream>
> - Since these fixes need to go into RHEL first, getting them into the
> development location (CentOS Stream) represents a separate set of work.
> - Our intent is to get CVE fixes like this into Stream as soon as
> they’re available within the guidelines referenced in the FAQ
> In the past updates have gone out quickly, we haven’t artificially held
> up pushes and we will not do so going forward. We don’t, though, make
> any forecasts or guarantees about turnaround time, this is to make sure
> we deliver those fixes correctly.
> I hope that as we continue rolling out new workflows in CentOS Stream 9,
> we will be able to provide more direct feedback on patch status at a
> source code level. Just as a reminder you can view and participate in
> development happening on Gitlab:
> https://gitlab.com/redhat/centos-stream/
> <https://gitlab.com/redhat/centos-stream/>
> --Brian
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Carl George