[CentOS] Security Updates not properly flagged

Mon Jun 21 11:56:33 UTC 2021
Doczkal, Thomas <Thomas.Doczkal at eu.socionext.com>

Sorry, I forgot to mention that I am using CENTOS 7.
This should receive the Red Hat Update cycle releases until 2024, right?



Thomas Doczkal
Snr System Engineer

Socionext Europe GmbH
pittlerstrasse 47
63225 langen, germany
tel +49-6103-3745-386
mobile +49-174-9226082
fax +49-6103-3745-122
thomas.doczkal at socionext.com

Geschaeftsfuehrer/Managing Director: Toshihiko Tanaka, Dirk Weinsziehr,
Koichi Otsuki, Yutaka Yoneyama

Sitz/Seat: Langen, Hessen; Registergericht/Commercial Register:
Offenbach/Main HRB 48005

This e-mail and any attachment contains information
which is private and confidential and is intended for
the addressee only. If you are not an addressee, you
are not authorized to read, copy or use the e-mail or
any attachment. If you have received this e-mail in
error, please notify the sender by return e-mail and
then delete it.

From: CentOS <centos-bounces at centos.org> on behalf of Gionatan Danti <g.danti at assyoma.it>
Sent: Monday, June 21, 2021 01:53 PM
To: CentOS mailing list
Subject: Re: [CentOS] Security Updates not properly flagged

Il 2021-06-21 13:34 Pete Biggs ha scritto:
> CentOS does not provide the metadata to allow the --security flag to
> work.


> It doesn't provide it because that information from Redhat is
> proprietary and not open source.

This is not my understanding. From what I can see, updates which patches
CVEs are freely readable on Red Has site. For example:
CVE: https://access.redhat.com/security/cve/cve-2021-3156
UPDATE: https://access.redhat.com/errata/RHSA-2021:0221

Historically the CentOS team refused to provide such metadata due to the
added work required. Now with Stream, and the demise of classic CentOS,
security updates are even less probable (ie: a rolling release is often
wholly updated).


Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8
CentOS mailing list
CentOS at centos.org