This is something I've always wondered, but never seen a consistent attitude on
When a RHEL-derived distribution find new vulnerabilities, what process do they go to report and address them? - Do they go directly upstream? - Do they report them in RHEL's bugzilla? - Do they patch internally? - Other? Over the years I've seen conflicing information in various forums, and I've always wondered if there was a consistent method that was addressed. Cheers, jduncan
