Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Carl George
> Q3) Does this indicate that only the latest CentOS (minor) release can > be considered "secure" or "patched"? Yes. Security errata for previous Enterprise Linux minor releases are a Red Hat product called Extended Update Support (EUS) [0]. CentOS doesn't build EUS updates. CentOS point releas

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Leon Fauster via CentOS
On 05.08.20 at 17:55, Johnny Hughes wrote: On 8/5/20 10:45 AM, cen...@niob.at wrote: On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 17:55, Johnny Hughes wrote: Having said all this: maybe there is some deeper problem here, because of that pattern of missing announce e-mails that correspond with packages that differ in the final version number with respect to the upstream package. Or is this just a coincidence?

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 10:45 AM, cen...@niob.at wrote: > On 05/08/2020 16:49, Johnny Hughes wrote: >> On 8/5/20 1:05 AM, cen...@niob.at wrote: >>> On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be >>

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If y

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 1:05 AM, cen...@niob.at wrote: > On 04/08/2020 23:50, Jon Pruente wrote: >> On Tue, Aug 4, 2020 at 11:34 AM wrote: >> >>> Q5) If the answer to the last question is "no": shouldn't there be such >>> a resource? >>> >> CentOS doesn't publish security errata. If you need it then you should

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread centos
On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own se

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread Jon Pruente
On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be such > a resource? > CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own set up with something like http://cefs.st

[CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread centos
Dear List, I have spent some time playing around with oscap and the RHEL OVAL feed (https://www.redhat.com/security/data/oval/v2/RHEL8/, also check Chapter 16 of the RHEL 8 Design Guide). Because I could not find an existing OVAL file for CentOS, I downloaded one of the RHEL8 files and managed

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: > I don't want to cause any trouble here, but what does this > have to do with generating advisory information that is > provided by the vendor? ... if you won't acknowledge the landmines, you get blown up, eventually, I hear > I believe this fe

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of R P Herrold > Sent: Wednesday, June 17, 2009 5:37 PM > To: CentOS mailing list > Subject: [CentOS] CentOS security advisories > > On Wed, 17 Jun 2009, Joshua

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: > I assume you mean this? > http://www.redhat.com/legal/legal_statement.html That is an assumption you make, all right --- that page does not state it is exhaustive, however ... > What I mean is, is there a specific Red Hat web page that > defines wha

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
What I mean is, is there a specific Red Hat web page that defines what is acceptable and what is not? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Joshua Bahnsen Sent

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
What exactly do you mean by "breaching the rhn aup's"? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17,

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
What exactly do you mean by "breaching the rhn aup's"? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17, 2009 3:59 PM To: CentOS mailing list Subject: Re: [CentOS]

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
Joshua Bahnsen wrote: > I believe that's where I am seeing the biggest discrepancy. Has there been > any discussion to put the advisory data in an updateinfo.xml form for use > with the yum-security plugin? yes, it's come up a few times, there has been some work done on it as well, however there

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
On 06/17/2009 09:56 AM, Ralph Angenendt wrote: > "Historical Reasons", probably. All RHSAs should be there, RHBAs just > haven't been announced for 4 - there's no other appalling reason I could > th

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
> The tricky situation is also for the updates when a new iso set is > released, e.g. 5.2 -> 5.3, upstream tend to publish a report for each > package that is out there, we haven't done that 'traditionally'. Given > time and resources, I am sure we can revisit that, if anyone is really > intereste

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
On 06/17/2009 09:56 AM, Ralph Angenendt wrote: > "Historical Reasons", probably. All RHSAs should be there, RHBAs just > haven't been announced for 4 - there's no other appalling reason I could > think of at the moment :) with the new processes going in - that should change. > I'm not sure about

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Ralph Angenendt
Joshua Bahnsen wrote: > That's really my question. Is there any particular reason why not all > Red Hat advisories (RHEA, RHBA and RHSA) have a CentOS counterpart? Is > this due to time constraints, demand, or some other legal reason? Ah. "Historical Reasons", probably. All RHSAs should be there,

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Joshua Bahnsen
Joshua Bahnsen wrote: > I have been looking at the security advisories provided here: > > http://lists.centos.org/pipermail/centos-announce/ > > It appears that there is not a 1:1 correlation between advisories > listed here and advisories listed

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Ralph Angenendt
Joshua Bahnsen wrote: > I have been looking at the security advisories provided here: > > http://lists.centos.org/pipermail/centos-announce/ > > It appears that there is not a 1:1 correlation between advisories > listed here and advisories listed by Red Hat: > > https://rhn.redhat.com/errata >

[CentOS] CentOS security advisories

2009-06-15 Thread Joshua Bahnsen
I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Al