[BlueOnyx:07656] Re: CentOS-6.0 Released

[Michael Stauber]

Hi Ernie,

> I just noticed that CentOS 6.0 has just been released:
> 
>  "We are pleased to announce the immediate availability of CentOS-6.0 for
>  i386 and x86_64 Architectures.
> 
> Should be a bit of fun.

Yeah, last night I downloaded the ISOs from one of the mirrors who happened to 
have all files prior to the anouncement. I also poked a bit around on the 
mirrors to see what's new.

I'm of course happy that they finally have been able to get to this important 
milestone, although it has taken them way too long.

But sometimes I hate to be right: As I had feared the CentOS team released a 
debranded carbon copy of RHEL6 as it was at the time of its release. Not only 
that, RHEL6.1 is of course also out since a while.

Just one example how much behind the CentOS6 release is compared to another 
RHEL6 clone:

Bind (CentOS6):         bind-9.7.0-5.P2.el6_0.1.i686.rpm
Bind (SL6):                  bind-9.7.3-2.el6_1.P1.1.i686

The version of Bind that CentOS6 ships with, is from May 2010 and is 11 
releases behind the Bind that Scientific Linux 6 ships with. The CentOS6 
version is also vulnerable to CVE-2011-1910 and CVE-2011-0414, which are of 
course fixed in SL6 <sigh>.

Running an OS that has a well documented backlog of half a year of missing 
security patches is way too risky for my taste. So I'd caution against using 
CentOS6 productively somewhere, until they've had the chance to play a lengthy 
game of catch-up. 

In the meantime we're using Scientific Linux 6 to prepare a rollout of a beta 
of the next BlueOnyx 5107R. A beta ISO may be ready for testing "soon". But as 
said: That's at first strictly for testing and not really for productive 
usage.

-- 
With best regards

Michael Stauber