On Sat, Jun 24, 2023 at 3:05 PM Michael Catanzaro <mcatanzaro@xxxxxxxxxx> wrote: > But in practice, we actually currently have a lot of desynced packages > where RHEL is ahead of CentOS Stream for various reasons. I believe > most such cases are mistakes that need to be corrected, not intentional > delays. E.g. if a particular developer just forgets to fix the CVE in > CentOS Stream, currently nobody is checking to catch that and complain > and get things fixed. Red Hat needs to catch and fix these issues > proactively, but is not currently doing so. Since only Red Hat is able > to commit to CentOS Stream, the community is limited to tracking > desyncs and complaining when it happens. (That would be really valuable > to do IMO.) Most of the time, as you say, things work well (at least in my experience). If one does find a security update that did not get streamed, is there a way for a non-customer[0] to open an appropriate ticket both now, and in the future when RH moves their internal bug tracker to jira[1]? [0] There are those that have used the clones and streams for some time without having to sign up with RH. [1] It is not clear to me if one will need a formal support contract in order to open tickets into the future jira instances. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
