Carl summarized really well how code moves through RHEL and CentOS Stream, and we’re working on making sure we publish a build that has made it through the usual set of RHEL tests. -326 is a possible candidate here. Think about CentOS Stream as the development location for the next-minor release of RHEL. I’d like to highlight some of the general points related to this discussion: - There are certain classes of CVE that we handle differently from normal development work: https://centos.org/distro-faq/#q4-how-will-cves-be-handled-in-centos-stream <https://centos.org/distro-faq/#q4-how-will-cves-be-handled-in-centos-stream> - Since these fixes need to go into RHEL first, getting them into the development location (CentOS Stream) represents a separate set of work. - Our intent is to get CVE fixes like this into Stream as soon as they’re available within the guidelines referenced in the FAQ In the past updates have gone out quickly, we haven’t artificially held up pushes and we will not do so going forward. We don’t, though, make any forecasts or guarantees about turnaround time, this is to make sure we deliver those fixes correctly. I hope that as we continue rolling out new workflows in CentOS Stream 9, we will be able to provide more direct feedback on patch status at a source code level. Just as a reminder you can view and participate in development happening on Gitlab: https://gitlab.com/redhat/centos-stream/ <https://gitlab.com/redhat/centos-stream/> --Brian _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos