How to monitor security updates in 8-Stream and 9-Stream

Support for security such as firewalls and securing Linux
pedrodaniel10
Posts: 2
Joined: 2023/03/10 08:20:14

How to monitor security updates in 8-Stream and 9-Stream

Post by pedrodaniel10 » 2023/03/10 08:29:18

Hello everyone. I need to track all security updates in 8-Stream and 9-Stream to then notify users about it so they can take action.
In CentOS 7 it's easy to track as there are security advisories.

For Stream, right now I'm compiling all the RHSAs that point to RHEL 8 and 9 and then checking in the repositories [1] for that specific release on branch c8s and c9 respectively.

I have a few questions:
- I want to know what is the difference between branch c8s and c8 on the git repositories.
- Is the package version that fixes the vulnerability shown in the RHSA the same as shown in the commits of each branch?
- Is there a better way to track security fixes in CentOS Stream? (Good to note, given that CentOS is upstream, the time I take to notify between the fix and the RHSA release is quite big.)


[1] https://git.centos.org/

Many thanks in advance.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to monitor security updates in 8-Stream and 9-Stream

Post by TrevorH » 2023/03/10 13:31:08

There are no security guarantees in CentOS Stream. There are no announcements. Some updates have lagged for nearly 3 months behind the equivalent updates for RHEL.

If security (or stability or just about anything else!) is your guideline then switch to one of the other clones of RHEL, do not use Stream.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to monitor security updates in 8-Stream and 9-Stream

Post by TrevorH » 2023/03/10 13:33:11

- I want to know what is the difference between branch c8s and c8 on the git repositories.
The c8 branch tracks RHEL 8 - this is the one that the clones rebuild from. The c8s branch is for Stream.
- Is the package version that fixes the vulnerability shown in the RHSA the same as shown in the commits of each branch?
For RHEL and clones, yes. For Stream, no; Stream no longer uses the same version number for updates that RHEL does.
