Re: CentOS Security Advisories OVAL feed??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 8/5/20 1:05 AM, centos@xxxxxxx wrote:
> On 04/08/2020 23:50, Jon Pruente wrote:
>> On Tue, Aug 4, 2020 at 11:34 AM <centos@xxxxxxx> wrote:
>>
>>> Q5) If the answer to the last question is "no": shouldn't there be such
>>> a resource?
>>>
>> CentOS doesn't publish security errata. If you need it then you should
>> either buy RHEL, or deal with putting together your own set up with
>> something like http://cefs.steve-meier.de/
> 
> I expected just this answer, and we do have a RHEL subscription (and
> BTW: thanks for the link). But you missed the main point by omitting the
> other questions (especially Q1, Q2 and Q3): There are upstream package
> versions that were never rebuilt for CentOS.
> 
> For instance: If, for whatever reason, I am required to stay with nginx
> 1.14.1 then the missing rebuild of the packages mentioned in
> RHSA-2019:2799 (https://access.redhat.com/errata/RHSA-2019:2799) would
> leave me with a vulnerable system.
> 
> The question for an OVAL feed is actually an add-on question: In the
> same spirit that is the base for the CentOS project itself: wouldn't
> such a feed be a good thing to have? Otherwise your answer could be the
> catch-all answer to all questions CentOS: Go get a commercial
> subscription. Personally, I think such an answer is not very helpful.
> 
> So what do you think about the underlying issue? Under what
> argumentation does it NOT constitute to be an issue?
> 

Modules suck .. :)

But that is built and in the repo ..

dnf list 'nginx*'

nginx.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-all-modules.noarch
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-filesystem.noarch
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-mod-http-image-filter.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-mod-http-perl.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-mod-http-xslt-filter.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-mod-mail.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream
nginx-mod-stream.x86_64
1:1.14.1-9.module_el8.0.0+184+e34fea82                  AppStream

As I have said before .. mbbox (the item used to build modules) adds an
index code (the 184) and a part of the git commit (e34fea82) .. so this
will always be different between RHEL and CentOS .. because we use
different builders and a different git repo.  Red Hat's RHEL index code
is 4108 and the git commit is af250afe


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux