Hi Ian,


Ian Murray wrote:
> Hi,
> 
> I'm new to the list so please be gentle with me!
> 
> I am a user of another well known Redhat Rebuild distribution and it has 
> come to light that the maintainers don't/can't release interim security 
> updates while they are rebuilding a new dot release from upstream, as 
> far as I can understand. This is because upstream releases its security 
> fixes against the most recent dot release. Therefore there is a 
> corresponding delay to security releases.
> 
> I am considering moving away from that distribution for the above reason 
> and the dot releases seem to be taking a long time, which compounds that 
> issue. I would like to stick with something RH based, as I am familiar 
> with it.
> 
> Does the Scientific Linux maintainers use the same approach as above, or 
> have they solved that issue in some other way?
> 
> Thanks in advance,
> 
> Ian.
> 

Hi Ian,
Interesting question that I've never seen before.  I believe it's been 
answered, but I'll answer it anyway.

When RedHat releases a point release, such a RHEL 4.8 or 5.4, and then 
release security errata after that, we try to get those security errata 
out as soon a possible.
That being said it is ofter a week or two before the first security 
errata's get pushed out by us, and it is quite common for those early 
packages to have dependancies and/or complications we didn't expect.
But after a few weeks to a month, things tend to settle down and be less 
trouble.

I hope that answers your question.
Thanks
Troy Dawson
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________