CentOS - Jun 2019 - mirror.centos.org ships non-updated version of bind ?

Hi,

RedHat published an update for bind two weeks ago - it's fixed some bind
vulnerabilities (https://access.redhat.com/errata/RHSA-2019:1294).

There's a commit 'import bind-9.9.4-74.el7_6.1' on
https://git.centos.org/rpms/bind/commits/c7 since 12 ago but 
http://mirror.centos.org/ still ships the old non-updated version of bind
(bind-9.9.4-73.el7_6.x86_64.rpm)

Couldn't find bind on cbs.centos.org but I'm not really familiar with
the building / publishing process at CentOS.

Which steps are between ' RedHat published an update' and '
mirror.centos.org'?


Best regards,
Rob?rt

Okay, some minutes before I post this question - the update was pushed to
mirror.centos.org and an announcement was published:
https://lists.centos.org/pipermail/centos-announce/2019-June/023321.html

But the actually question still remains:
Which steps are between 'RedHat published an update' and
'mirror.centos.org'?

At Fedora there's 'Bodhi' where Users can review/test new updates -
and give positive karma for working updates. Is there something similar for
Centos or are updates checked by selected audience?

Best regards,
Rob?rt


> cosml at rsguhr.eu hat am 11. Juni 2019 um 01:17 geschrieben:
> 
> 
> Hi,
> 
> RedHat published an update for bind two weeks ago - it's fixed some
bind vulnerabilities (https://access.redhat.com/errata/RHSA-2019:1294).
> 
> There's a commit 'import bind-9.9.4-74.el7_6.1' on
https://git.centos.org/rpms/bind/commits/c7 since 12 ago but 
http://mirror.centos.org/ still ships the old non-updated version of bind
(bind-9.9.4-73.el7_6.x86_64.rpm)
> 
> Couldn't find bind on cbs.centos.org but I'm not really familiar
with the building / publishing process at CentOS.
> 
> Which steps are between ' RedHat published an update' and '
mirror.centos.org'?
> 
> 
> Best regards,
> Rob?rt
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

> Okay, some minutes before I post this question - the update was pushed to
> mirror.centos.org and an announcement was published:
> https://lists.centos.org/pipermail/centos-announce/2019-June/023321.html
>
> But the actually question still remains:
> Which steps are between 'RedHat published an update' and
> 'mirror.centos.org'?
>
> At Fedora there's 'Bodhi' where Users can review/test new
updates - and
> give positive karma for working updates. Is there something similar for
> Centos or are updates checked by selected audience?
In contrast to Fedora the updates for CentOS mean mostly rebuild from the
upstream sources. So testing is probably only needed for the correct build
but not for included updates. They were already tested by upstream.

Regards,
Simon

On 6/11/19 12:45 AM, cosml at rsguhr.eu wrote:
> Okay, some minutes before I post this question - the update was pushed to
mirror.centos.org and an announcement was published:
> https://lists.centos.org/pipermail/centos-announce/2019-June/023321.html
> 
> But the actually question still remains:
> Which steps are between 'RedHat published an update' and
'mirror.centos.org'?
> 
> At Fedora there's 'Bodhi' where Users can review/test new
updates - and give positive karma for working updates. Is there something
similar for Centos or are updates checked by selected audience?
> 
The steps are that the source code is released to git.centos.org .. in
this case, the source code was released here:

https://git.centos.org/rpms/bind/commits/c7

Then the source code for all the updates that happen at that time are
downloaded to our build system and built.  Then we do builds for x86_64,
i686, ppc64 , ppc64le, aarch64, armhfp for all updates.

Those builds can be looked at here:

https://buildlogs.centos.org/c7.1810.00.x86_64/

(and all the other arches)

Then once everything builds, it gets pushed to the signing and then to
CI testing:


https://ci.centos.org/view/CentOS-Core/job/C7-x86_64-Pretest-Updates/

(and all the other arches)

Then if/when it passes, it is released.
> 
> 
>> cosml at rsguhr.eu hat am 11. Juni 2019 um 01:17 geschrieben:
>>
>>
>> Hi,
>>
>> RedHat published an update for bind two weeks ago - it's fixed some
bind vulnerabilities (https://access.redhat.com/errata/RHSA-2019:1294).
>>
>> There's a commit 'import bind-9.9.4-74.el7_6.1' on
https://git.centos.org/rpms/bind/commits/c7 since 12 ago but 
http://mirror.centos.org/ still ships the old non-updated version of bind
(bind-9.9.4-73.el7_6.x86_64.rpm)
>>
>> Couldn't find bind on cbs.centos.org but I'm not really
familiar with the building / publishing process at CentOS.
>>
>> Which steps are between ' RedHat published an update' and '
mirror.centos.org'?
>>
>>
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20190611/3b047cec/attachment-0002.sig>