Subject: | |
From: | |
Reply To: | |
Date: | Wed, 3 Sep 2014 08:33:36 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi Pat, hi Patrick,
thanks for your answers and comments.
How would someone like me get a SRPM for a binary package found or installed on
a SL 7.0 system?
I really don't understand in the moment how it is verified that sources are from
RH and unaltered by someone in between.
Best regards
Andreas Mock
> Von: Patrick J. LoPresti [mailto:[log in to unmask]]
> Gesendet: Dienstag, 2. September 2014 23:22
> An: Pat Riehecky
> Cc: Andreas Mock; [log in to unmask]
> Betreff: Re: AW: [SCIENTIFIC-LINUX-USERS] Questions about SL 7.0
>
> On Tue, Sep 2, 2014 at 2:11 PM, Pat Riehecky <[log in to unmask]> wrote:
> >
> > The sources were taken from git. They were then compared to the
> > sources from the public Release Candidate provided by upstream on April
> 22 2014.
> > There were very few changes from this Release Candidate to the
> > official release.
>
> Nice work.
>
> > All the Security/Enhancement/Bugfix code comes out of git as the
> > source rpms for these were never publicly released.
>
> Does this mean there is no way to correlate security/bugfix updates from
> Red Hat with the changes in git, and therefore no way to know how far SL is
> diverging from RHEL over time?
>
> Is the git tree entirely RHEL + released updates, or are unreleased CentOS
> changes mixed in as well?
>
> Presumably, anyone with a RHEL subscription (and the right tools) could
> compare the git repository against the update SRPMs, at least to tell you
> whether they are the same. Would that be a violation of the subscription
> terms, I wonder?
>
> Just curious.
>
> - Pat
|
|
|