CentOS-7 Security Updates
Hi all,
I’m trying to clarify the security updates policy for older CentOS-7
releases.
There is a number of servers I’m supporting that are running CentOS-7 1503. When 1511 was released several days ago I’ve tried to upgrade several of those, but failed. I’ve got some strange errors with e1000 virtual NIC
being restarted frequently with ‘tx unit hang’ errors. Anyway, it’s not the thing I’d like to discuss here.
What I’d like to know is the answer to the question “will there be any security updates for CentOS-7 1503, and how long”? I was searching on a wiki, but couldn’t find anything clear enough. What I’ve found is the phrase in 1511 announcement letter
This release supersedes all previously released content for CentOS
Linux 7, and therefore we highly encourage all users to upgrade their
machines. Information on different upgrade strategies and how to
handle stale content is included in the Release Notes.
This makes me think that there will be no security updates for 1503 and the only way to get them is to upgrade to 1511, but I’d like to find any proof. Unfortunately, there is nothing about this in Release Notes :(
4 thoughts on - CentOS-7 Security Updates
To the best of my knowledge CentOS never has released patches specific to a minor version.
Finding and resolving the issue you are experiencing with the current release is the only course of action.
attention to.
That date (or point release) is just a point in time milestone and carrying out a yum update will continue you along the EL7 path (and
/etc/CentOS-release will be updated in the process as just another update).
The ‘older’ CentOS release is not 7.0 or 7.1 … it is 6 or 5 … similarly
6.6 doesn’t get an ‘update’ as such with yum update just providing the packages in the 6.7 milestone (+ updates).
If you do have a specific need to stay on a particular point release for some arcane and silly reason Red Hat provides a specific z-stream support subscription their sales team can talk to you about.
That’s correct. CentOS treats minor releases as just a label for a point in time. There are, essentially, no minor releases of CentOS, except for the purpose of spinning new installation ISOs.
The solution you’re looking for is something that Red Hat provides to paying customers, though:
https://access.redhat.com/solutions/22763
Thats right, there are no point release updates, you will also notice that older deprecated content will be removed from mirror.CentOS.org in a few weeks time.
The way to work around surprises in large installation is to enable the CR/ repos on a select few testing machines – this will give you access, ahead of main release, to the content for the main release. Any update that is going to take more than a few days to get out, is released via CR/ repos first. Also, finding and reporting bugs during this process helps get rectification in before it becomes the default for the entire user base.
Having said this, what exactly is the issue you are facing ?
—
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc