How to monitor security updates in 8-Stream and 9-Stream
Posted: 2023/03/10 08:29:18
Hello everyone. I need to track all security updates in 8-Stream and 9-Stream to then notify users about it so they can take action.
In CentOS 7 it's easy to track as there are security advisories.
For Stream, right now I'm compiling all the RHSA that point to RHEL 8 and 9 and then check in the repositories [1] for that specific release on branch c8s and c9 respectively.
I have a few questions:
- I want to know what is the difference between branch c8s and c8 on the git repositories.
- Is the package version that fix the vulnerability shown in the RHSA the same shown in the commits of each branch
- Is there a better way to track security fixes in CentOS Stream? (Good to note, given that CentOS is upstream, the time I take to notify between the fix and the RHSA release, is quite big)
[1] https://git.centos.org/
Many Thanks in advance.
In CentOS 7 it's easy to track as there are security advisories.
For Stream, right now I'm compiling all the RHSA that point to RHEL 8 and 9 and then check in the repositories [1] for that specific release on branch c8s and c9 respectively.
I have a few questions:
- I want to know what is the difference between branch c8s and c8 on the git repositories.
- Is the package version that fix the vulnerability shown in the RHSA the same shown in the commits of each branch
- Is there a better way to track security fixes in CentOS Stream? (Good to note, given that CentOS is upstream, the time I take to notify between the fix and the RHSA release, is quite big)
[1] https://git.centos.org/
Many Thanks in advance.