On Thu, Feb 24, 2011 at 12:05 PM, Ian Murray <murrayie@xxxxxxxxxxx> wrote:
>>> However, it was my
>> > understanding that "Critical" security updates and those that are
>> > "remotely exploitable" would be pushed out ahead of 5.6.
>>
>> That is my understanding, too. However, I see that the only "Critical"
>> one on your list is java-1.6.0-sun. This is not included in CentOS...
> As far as I understand this is a highly untrivial task and breaks the "binary
> compatible" rule. Nevertheless, this was attempted one or two dot releases ago,
> I think as an experiment as much as anything.
>
> I am not sure how the CentOS team thought of that exercise, in hindsight. I
> would be interested in knowing. From the explanation that Russ gave, it was a
> mighty effort, as far as I remember.
Right, it is not an easy task as we see from the past experience. I
think Karanbir is trying to come up with the way CentOS can provide
critical security updates ahead of the pending major release as we can
see in his post [1] to the -devel mailing list:
"all updates to the /5/ tree are monitored and anything which has a
remote or local exploit will get pushed into the /5/ tree; things in 5.6
and against 5.6 that dont meet that criteria wait for 5.6 release. build
order, linking, inheriting upstream testing etc etc to blame."
[1] http://lists.centos.org/pipermail/centos-devel/2011-February/006916.html
Akemi
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
