On Tue, Dec 24, 2019 at 10:19 AM Nicolas Kovacs <info at microlinux.fr> wrote:

> On 23/12/2019 at 23:01, Jonathan Billings wrote:
>
> No. 8-stream is where packages will (eventually) be available to test
> software that'll be part of the next point release of RHEL. So, for
> example, before RHEL 8.1 was released, 8-stream had kernel packages with a
> version-release close to what was eventually released in RHEL 8.1, and
> eventually into CentOS 8.1.xxxx.
>
> In short and to sum it up, CentOS 8 in its current state has some
> unpatched vulnerabilities. They have been addressed in RHEL since
> October, but not in CentOS.
>
> It's fair to say this raises a few eyebrows among concerned CentOS users.
>
> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12

I don't know whether the below steps are permitted, but you can install RHEL 8.1 Developer Edition on a VM.
Download the SRPM for your package.
Then rebuild on the CentOS machine and install the RPM.
This is just for the important fixes like security.

Thanks

---
Thomas Stephen Lee

On 24/12/2019 at 08:03, Thomas Stephen Lee wrote:

> I don't know whether the below steps are permitted.
> but, you can install RHEL 8.1 Developer Edition on a VM.
> Download the SRPM for your package.
> Then rebuild on the CentOS machine and install the RPM.
> This is just for the important fixes like security.

That's missing the point.

While it's perfectly understandable that there's always a certain lag between upstream RHEL and CentOS, seven weeks without security updates is a serious showstopper for production use.

There's a difference between "use upstream Red Hat if you badly need those critical updates" and "don't use CentOS on your production servers".

Cheers & merry Christmas from blocked Paris on strike :o)

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12

On Tue, Dec 24, 2019 at 12:57 AM Nicolas Kovacs <info at microlinux.fr> wrote:

> That's missing the point.
>
> While it's perfectly understandable that there's always a certain lag
> between upstream RHEL and CentOS, seven weeks without security updates
> is a serious showstopper for production use.
>
> There's a difference between "use upstream Red Hat if you badly need
> those critical updates" and "don't use CentOS on your production servers".

On the other hand, 99% of those security updates are things that probably don't affect most CentOS deployments.

--
-john r pierce
recycling used bits in santa cruz