Hi Pat, hi Patrick, thanks for your answers and comments.
How would someone like me get a SRPM for a binary package found or installed on a SL 7.0 system? I really don't understand in the moment how it is verified that sources are from RH and unaltered by someone in between. Best regards Andreas Mock > Von: Patrick J. LoPresti [mailto:[email protected]] > Gesendet: Dienstag, 2. September 2014 23:22 > An: Pat Riehecky > Cc: Andreas Mock; [email protected] > Betreff: Re: AW: [SCIENTIFIC-LINUX-USERS] Questions about SL 7.0 > > On Tue, Sep 2, 2014 at 2:11 PM, Pat Riehecky <[email protected]> wrote: > > > > The sources were taken from git. They were then compared to the > > sources from the public Release Candidate provided by upstream on April > 22 2014. > > There were very few changes from this Release Candidate to the > > official release. > > Nice work. > > > All the Security/Enhancement/Bugfix code comes out of git as the > > source rpms for these were never publicly released. > > Does this mean there is no way to correlate security/bugfix updates from > Red Hat with the changes in git, and therefore no way to know how far SL is > diverging from RHEL over time? > > Is the git tree entirely RHEL + released updates, or are unreleased CentOS > changes mixed in as well? > > Presumably, anyone with a RHEL subscription (and the right tools) could > compare the git repository against the update SRPMs, at least to tell you > whether they are the same. Would that be a violation of the subscription > terms, I wonder? > > Just curious. > > - Pat
