Security Updates (Errata)
Q. After RedHat releases a security errata, how long until it shows up in Scientific Linux's errata?
A. Within a couple days.
Q. That seems like a long time for errata, why so long?
A. RedHat is not perfect, and sometimes their errata completely break programs.
Q. What happens when the people recompiling the errata go on vacation?
A. Because these security errata are part of Fermilab's security procedures, the entire Scientific Linux development team is not allowed to go on vacation at the same time. So there will always be at least one main developer able to do recompiles.
Q. What packages get put into the security errata repository?
A. Packages will only go into the security errata repository if
- T.U.V. Classifies the package as a security update, including non-security dependancies.
- It is a package we provide, and it has a security or critical bug update.
- The package falls into our list of packages that affect the machine in a critical way and must be updated even if it isn't security related.
The list is currently: tzdata, selinux-policy, and hwdata
Q. What about older releases (SL5.0) will it get security updates today now that SL 5.7 is out?
A. Packages (not patches) will be made avalible for older major releases as best we are able. This will sometimes require including a non-security package to resolve a dependency. We do not port patches. So, if in SL 5.7 a secuity update is released, an exact copy of that package is avalible for SL 5.0. We do not customize for older releases. Sites that stay on older releases are doing so for a reason and we don't want to override their decisions. Making the security packages avalible for these older releases can help them with their specific needs while helping them stay protected against threats.
Last modified 2012-05-31 08:52 AM