Johnny Hughes wrote: > On Mon, 2006-01-30 at 20:56 -0600, Steve Bergman wrote: >> My original understanding was that only security patches get issued >> between quarterly releases. But that then the distro gets updated >> with bug fixes 2 to 4 times per year. >> >> I may be getting this all wrong, but I get the impression that there >> are 3-4 month periods of quiescence punctuated by short periods (or >> a day?) of significantly more intensive patching. >> >> Is that correct? >> > > That is generally correct ... the upstream provider generally releases > security patches between the update set releases. They generally > release bugfix and enhancement updates during an update set (or as we > call it a point release). > > They also generally release an update set at 3-4 month intervals. > > The update sets contain both security, bufix, and enchantment updates > though ... and normally many of the new enhancement and bugfix updates > are required as dependencies for the security updates. > > All of these things are general though ... to see exactly what updates > were released and when, look here (for the upstream EL4 product): > > You can see every update and the date it was released ... you can also > see the update set dates of: > > Release = 2005-02-14 > > update1 = 2005-06-09 > > update2 = 2005-10-05 > > (this is about 4 months between release sets) > > You can also see that there were: > > 27 day zero updates on 02-15-2005, 3 bugfix updates between release > update1, 3 security updates as part of update1, 0 bugfix updates > between update1 and update2, 11 security updates as part of update2, 5 > bugfix/enhancement updates between update2 and now. > > We at CentOS release the updates that are released upstream ... when > they are released upstream ... we do so regardless of whether they are > bugfix or security or enhancement updates ... because, they were > released when they were for a reason :) > > Some other rebuild distros ONLY release security updates between > update sets ... others release hardly any updates at all. We > personally think the the upstream provider is the absolute best > enterprise distro in the world, and that they are smart enough to > release the updates that they want when they want them released, > therefore, we release the same packages too. I found this interesting, an interview of the Red Hat CIO suggests there may be a change in the way Red Hat rolls its updates. From http://cio.co.nz/cio.nsf/UNID/0358EF0F3EFF0584CC2570AA0073523A?OpenDocum ent Johnny posted this in another thread. "One customer told me that it's difficult to meet the SAS-70 auditing requirements, because Red Hat releases security updates and general patches together. Is your company addressing this? It's true that when quarterly updates come out, security is done only for that update. So customers have to move to that update with us if they want to stay secure. What we're looking at now - and this wasn't necessitated until recently, now that we have over 1 million subscriptions out and 36,000 new customers in each of the last two quarters - is offering longer support for back releases. So some customers could stay on an old update release an still get the security patches." Dean