Re: [CentOS] Security Updates not properly flagged
On 2021-06-22 02:34, Gordon Messmer wrote:
> CentOS Stream is not a rolling release. It gets "rolling updates,"
> but that just means that there are no point releases within a major
> release, and that updates aren't delayed in order to group rebased
> packages together at 6 month intervals.

Hi Gordon,
yeah, I used the term "rolling release" in a too-broad sense - I was really referring to "rolling updates", sorry for the confusion.

Still I think my point applies: if metadata for security updates were not provided before, it now seems even less probable that the CentOS team will provide such information, as the maintainers are facing a continuous stream of updates.

But hey - happy to be proven wrong!
Regards.

--
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
Re: [CentOS] Security Updates not properly flagged
On 6/21/21 4:53 AM, Gionatan Danti wrote:
> Historically the CentOS team refused to provide such metadata due to
> the added work required. Now with Stream, and the demise of classic
> CentOS, security updates are even less probable (ie: a rolling
> release is often wholly updated).

CentOS Stream is not a rolling release. It gets "rolling updates," but that just means that there are no point releases within a major release, and that updates aren't delayed in order to group rebased packages together at 6 month intervals.
Re: [CentOS] Security Updates not properly flagged
> Sorry, I forgot to mention that I am using CENTOS 7.
> This should receive the Red Hat Update cycle releases until 2024, right?

Yes, but if you only want to install security related updates, you have to select the packages on your own because CentOS doesn't provide such metadata.

Regards,
Simon
Re: [CentOS] Security Updates not properly flagged
Hi,

freely does not imply free to redistribute. Of course this information is available from various sources which allow redistribution, but it takes time to aggregate it - time that someone needs to spend doing the necessary research.

best regards,
Markus

On Mon, 2021-06-21 at 13:53 +0200, Gionatan Danti wrote:
> On 2021-06-21 13:34, Pete Biggs wrote:
> > CentOS does not provide the metadata to allow the --security flag
> > to work.
>
> Right.
>
> > It doesn't provide it because that information from Redhat is
> > proprietary and not open source.
>
> This is not my understanding. From what I can see, updates which
> patch CVEs are freely readable on Red Hat site. For example:
> CVE: https://access.redhat.com/security/cve/cve-2021-3156
> UPDATE: https://access.redhat.com/errata/RHSA-2021:0221
>
> Historically the CentOS team refused to provide such metadata due to
> the added work required. Now with Stream, and the demise of classic
> CentOS, security updates are even less probable (ie: a rolling
> release is often wholly updated).
>
> Regards.
Re: [CentOS] Security Updates not properly flagged
Sorry, I forgot to mention that I am using CENTOS 7.
This should receive the Red Hat Update cycle releases until 2024, right?

Regards,
Thomas

--
Thomas Doczkal
Snr System Engineer
Socionext Europe GmbH

From: CentOS on behalf of Gionatan Danti
Sent: Monday, June 21, 2021 01:53 PM
To: CentOS mailing list
Subject: Re: [CentOS] Security Updates not properly flagged

On 2021-06-21 13:34, Pete Biggs wrote:
> CentOS does not provide the metadata to allow the --security flag to
> work.

Right.

> It doesn't provide it because that information from Redhat is
> proprietary and not open source.

This is not my understanding. From what I can see, updates which patch CVEs are freely readable on Red Hat site. For example:
CVE: https://access.redhat.com/security/cve/cve-2021-3156
UPDATE: https://access.redhat.com/errata/RHSA-2021:0221

Historically the CentOS team refused to provide such metadata due to the added work required. Now with Stream, and the demise of classic CentOS, security updates are even less probable (ie: a rolling release is often wholly updated).

Regards.
Re: [CentOS] Security Updates not properly flagged
On 2021-06-21 13:34, Pete Biggs wrote:
> CentOS does not provide the metadata to allow the --security flag to
> work.

Right.

> It doesn't provide it because that information from Redhat is
> proprietary and not open source.

This is not my understanding. From what I can see, updates which patch CVEs are freely readable on Red Hat site. For example:
CVE: https://access.redhat.com/security/cve/cve-2021-3156
UPDATE: https://access.redhat.com/errata/RHSA-2021:0221

Historically the CentOS team refused to provide such metadata due to the added work required. Now with Stream, and the demise of classic CentOS, security updates are even less probable (ie: a rolling release is often wholly updated).

Regards.

--
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
Re: [CentOS] Security Updates not properly flagged
> There are probably more security updates which should be installed by
> yum --security but those are the packages I am most interested in.
>
> Please change as necessary to allow yum --security to work.

CentOS does not provide the metadata to allow the --security flag to work. It doesn't provide it because that information from Redhat is proprietary and not open source.

P.
[CentOS] Security Updates not properly flagged
Hi,

I assumed that it's possible to install security updates with "yum --security update".
On the centos-announce mailing list I have received several security updates recently. Most are not relevant for us but glib2 and kernel are two we would like to address without updating the whole system.

Unfortunately both glib2 and kernel updates are filtered while running

yum --security update

This is the output:

--> glib2-2.56.1-9.el7_9.x86_64 from updates removed (updateinfo)
--> kernel-3.10.0-1160.31.1.el7.x86_64 from updates removed (updateinfo)

There are probably more security updates which should be installed by yum --security but those are the packages I am most interested in.

Please change as necessary to allow yum --security to work.

Many thanks.

Best Regards,
Thomas

--
Thomas Doczkal
Snr System Engineer
Socionext Europe GmbH
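
Added example, not part of any message in this thread and not yum's own code: a simplified model of why the two packages above are reported as "removed (updateinfo)". It assumes the filter keeps a pending update only when a type="security" notice in the repository's updateinfo.xml lists that exact package; the advisory IDs and the tzdata entry are constructed placeholders, and epoch handling is left out.

```python
import xml.etree.ElementTree as ET

# Constructed updateinfo.xml fragment (advisory IDs are placeholders).
# Only glib2 is covered by a security notice; kernel is deliberately absent.
SAMPLE_UPDATEINFO = """\
<updates>
  <update type="security"><id>EXAMPLE-SA-0001</id>
    <pkglist><collection>
      <package name="glib2" version="2.56.1" release="9.el7_9" arch="x86_64"/>
    </collection></pkglist>
  </update>
  <update type="bugfix"><id>EXAMPLE-BA-0002</id>
    <pkglist><collection>
      <package name="tzdata" version="2021a" release="1.el7" arch="noarch"/>
    </collection></pkglist>
  </update>
</updates>
"""

# Pending updates as name-version-release.arch; the first two are from the thread.
CANDIDATES = [
    "glib2-2.56.1-9.el7_9.x86_64",
    "kernel-3.10.0-1160.31.1.el7.x86_64",
    "tzdata-2021a-1.el7.noarch",          # constructed
]

def security_packages(updateinfo_xml):
    """Map package -> advisory id for every package in a security notice."""
    found = {}
    if not updateinfo_xml.strip():        # repository ships no updateinfo at all
        return found
    for upd in ET.fromstring(updateinfo_xml).iter("update"):
        if upd.get("type") != "security":
            continue
        for pkg in upd.iter("package"):
            nevra = "{name}-{version}-{release}.{arch}".format(**pkg.attrib)
            found[nevra] = upd.findtext("id")
    return found

def security_filter(candidates, updateinfo_xml):
    """Split pending updates into (kept, removed) for a security-only run."""
    sec = security_packages(updateinfo_xml)
    kept = [c for c in candidates if c in sec]
    removed = [c for c in candidates if c not in sec]
    return kept, removed

if __name__ == "__main__":
    for label, xml in (("with updateinfo", SAMPLE_UPDATEINFO), ("no updateinfo", "")):
        kept, removed = security_filter(CANDIDATES, xml)
        print(f"{label}: kept={kept} removed={removed}")
```

With no updateinfo at all, every pending update lands in the removed list, so a security-only run that applies nothing says nothing about whether fixes are outstanding.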