On Wed, 12 Jun 2013, Yasha Karant wrote:

> Are these errata from US-CERT (for the Fermilab component), ENISA (for
> the CERN component), TUV, or a combination of (which, other?) sources?
> Are the errata characterised by the level of severity?

They are all TUV just as they have always been.  The level of severity is 
what TUV assigns to them.

The announcement of these are sent to the scientific-linux-errata mailing 
list.  The packages are placed in the security directory of each tree. 
This is where the nightly yum security update expects to find them.  Again 
this is has it has always been.

Note that there are a few packages that have been promoted to "security" 
status and those are selinux-policy and tzdata.  There have been promoted 
because they were causing problems when they were not updated with other 
security errata even though there is no documented dependency on them. 
Again this is as it has been for many years.

>
> Do these errata encompass both notifications 
> and links to required > package updates to address the errata?
>

I do not understand the question.

-Connie Sieh

> Yasha Karant
>
>
> On 06/12/2013 08:36 AM, Connie Sieh wrote:
>> I am glad to announce that we have added Bonnie King as one of the
>> people who will be publishing security errata.  She will be publishing
>> security errata this week.
>>
>> -Connie Sieh
>