Q. After RedHat releases a security errata, how long until it shows up in Scientific Linux's errata?

A. Within a couple days.

Q. That seems like a long time for errata, why so long?

A. RedHat is not perfect, and sometimes their errata completely break programs.

Q. What happens when the people recompiling the errata go on vacation?

A. Because these security errata are part of Fermilab's security procedures, the entire Scientific Linux development team is not allowed to go on vacation at the same time. So there will always be at least one main developer able to do recompiles.

Q. What packages get put into the security errata repository?

A. Packages will only go into the security errata repository if

• T.U.V. Classifies the package as a security update, including non-security dependancies.
• It is a package we provide, and it has a security or critical bug update.
• The package falls into our list of packages that affect the machine in a critical way and must be updated even if it isn't security related.
  The list is currently: tzdata, selinux-policy, and hwdata