View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0018339||CentOS-7||general||public||2021-10-28 07:40||2021-11-18 17:19|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Summary||0018339: No announcements of CESA, CEBA etc for October|
|Description||I see Centos7.9 has the following updated packages. However, there are no announcements of CESA, CEBA on https://lists.centos.org/pipermail/centos-announce for October because of this patching tool (such as BigFix) is not able to ship those updates.|
|Tags||No tags attached.|
I found this ticket while trying to find an answer to the same question by looking through CentOS web, git, and email archives but came up empty.
Is this text from the description a valid root cause or just speculation? "because of this patching tool (such as BigFix) is not able to ship those updates."
In general, is there more info somewhere on how to trace published RHSA's through CentOS ticket/test/release?
|The initial reporter is reporting the fact that some CentOS security annoucement mails are missing. What uses those mails is anyone's guess but in their case they apparently use a "BigFix" tool but this is not a CentOS supplied or recommended tools (I've never heard of it before). The CentOS announce mails only have a pointer in them to the RH announcements from their errata page.|
Appreciate that info Trevor, makes more sense now.
I do want to highlight that there is an issue here though, I count 193 updated CentOS package files in the month of October in http://mirror.centos.org/centos/7/updates/x86_64/Packages/?C=M;O=D but no centos-announce (nor centos-cr-announce) emails. Like the orignal reporter, we use the CentOS mailing list as the authority for newly released CentOS7 packages.
|I appreciate Trevor and Icycle for adding more details to this. Issue with BigFix is not a speculation. I had to raise 2 requests earlier to get few missing announcements. Once CentOS has announcements the BigFix do publish updates associated with those announcements. I would assume if there is no another place to see latest info about released CESA or CEBA, then tools like BigFix can’t do anything. If announcements are not the correct place to look for latest CESA or CEBA then let me know the correct place please.|
|There are RSS feeds at https://feeds.centos.org that might be of use. These are generated automatically and do not require human intervention to function.|
|How this will be mapped to CESA, CEBA etc?|
|In the general case ... they won't directly be mapped to any type of release. The best I can come up with off the top of my head is to look at the changelog snippets for each update and see if they contain a 'CVE' reference. This is nothing but a band-aid, if even that :(|
|World would have been beautiful if announcements don’t require human intervention :)|
Appears to be working again, as of yesterday:
|Thank you for tracking this. Good to see this back.|
|2021-10-28 07:40||Sumitgarg44||New Issue|
|2021-11-01 20:57||icycle||Note Added: 0038699|
|2021-11-01 21:02||TrevorH||Note Added: 0038700|
|2021-11-02 18:54||icycle||Note Added: 0038701|
|2021-11-02 20:45||Sumitgarg44||Note Added: 0038702|
|2021-11-09 04:12||jrd||Note Added: 0038724|
|2021-11-09 05:15||Sumitgarg44||Note Added: 0038725|
|2021-11-09 05:26||jrd||Note Added: 0038726|
|2021-11-09 05:48||Sumitgarg44||Note Added: 0038727|
|2021-11-18 14:50||icycle||Note Added: 0038738|
|2021-11-18 17:19||Sumitgarg44||Note Added: 0038739|