|
|
Subscribe / Log in / New account

McGrath: Red Hat’s commitment to open source

McGrath: Red Hat’s commitment to open source

Posted Jun 30, 2023 19:31 UTC (Fri) by kpfleming (subscriber, #23250)
In reply to: McGrath: Red Hat’s commitment to open source by pizza
Parent article: McGrath: Red Hat’s commitment to open source

Just for clarity, repeating what has been posted on one of the other LWN article threads:

This is not true. Fixes for 'low' and 'moderate' severity CVEs are generally made 'in the open' in CentOS Stream and then appear in RHEL when the next batch of updates for that RHEL stream are published.

Fixes for 'important' and 'critical' CVEs (embargoed or not) are made in RHEL first, in private repositories, shipped to RHEL customers (and generally do not wait for batch updates but are shipped as soon as they are ready), and are then made in CentOS Stream as the RHEL developer gets time to push the changes there. This could be minutes, or hours, or days, but wouldn't often be more than a few days.

to post comments

McGrath: Red Hat’s commitment to open source

Posted Jul 1, 2023 2:56 UTC (Sat) by passthejoe (guest, #156034) [Link]

This is very good to hear, and is something Red Hat and CentOS people should be talking about non-stop.

If CentOS Stream is worth speaking up for, a whole lot of people should be doing it.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds