Hi, freely does not imply free to redistribute. Of course these informations are available from various sources which allow redistribution, but it takes time to aggregate them - time that someone need to spend doing the necessary research. best regards, Markus On Mon, 2021-06-21 at 13:53 +0200, Gionatan Danti wrote: > Il 2021-06-21 13:34 Pete Biggs ha scritto: > > CentOS does not provide the metadata to allow the --security flag > > to > > work. > > Right. > > > It doesn't provide it because that information from Redhat is > > proprietary and not open source. > > This is not my understanding. From what I can see, updates which > patches > CVEs are freely readable on Red Has site. For example: > CVE: https://access.redhat.com/security/cve/cve-2021-3156 > UPDATE: https://access.redhat.com/errata/RHSA-2021:0221 > > Historically the CentOS team refused to provide such metadata due to > the > added work required. Now with Stream, and the demise of classic > CentOS, > security updates are even less probable (ie: a rolling release is > often > wholly updated). > > Regards. >