[CentOS] Security Updates not properly flagged

Mon Jun 21 12:01:18 UTC 2021
Lange, Markus <M.Lange at dnb.de>


freely does not imply free to redistribute. Of course these
informations are available from various sources which allow
redistribution, but it takes time to aggregate them - time that someone
need to spend doing the necessary research.

best regards,

On Mon, 2021-06-21 at 13:53 +0200, Gionatan Danti wrote:
> Il 2021-06-21 13:34 Pete Biggs ha scritto:
> > CentOS does not provide the metadata to allow the --security flag
> > to
> > work.
> Right.
> > It doesn't provide it because that information from Redhat is
> > proprietary and not open source.
> This is not my understanding. From what I can see, updates which
> patches 
> CVEs are freely readable on Red Has site. For example:
> CVE: https://access.redhat.com/security/cve/cve-2021-3156
> UPDATE: https://access.redhat.com/errata/RHSA-2021:0221
> Historically the CentOS team refused to provide such metadata due to
> the 
> added work required. Now with Stream, and the demise of classic
> CentOS, 
> security updates are even less probable (ie: a rolling release is
> often 
> wholly updated).
> Regards.