by profwalkstr on 7/19/23, 9:00 PM with 8 comments
Link to CentOS Stream Gitlab of the AlmaLinux CVE patch commit: https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/5
Discussion going on Reddit: https://www.reddit.com/r/AlmaLinux/comments/1544w8b/red_hat_refuses_almas_cve_patches_to_centos/
by dralley on 7/19/23, 11:12 PM
This is what the initial response said:
> Thanks for the contribution. At this time we don't plan to address this in RHEL but we will keep it open for evaluation based on customer feedback.
Carl George followed up on /r/almalinux with this:
> The request is still open and has not been rejected. The CVE hasn't even gotten a severity rating yet. So maybe tap the brakes and see how it plays out. Just like in any other open source project, asking for contributions does not automatically guarantee that every contribution will be merged.
It is entirely possible that this will end up being merged within a week if it is judged a serious security issue, but until then it's just "a CVE that someone filed", which doesn't necessarily mean much.
Disclosure: I work for Red Hat.
by genmud on 7/19/23, 10:34 PM
Support means fuckall when they don't care or their timelines are measured in quarters and years. It's why when someone says "oh, you are paying for support" I just laugh at them. The tens of thousands of dollars we paid per year for RHEL would have been infinitely better utilized for supporting upstream projects and their developers.
by pk-protect-ai on 7/19/23, 9:29 PM
by wmf on 7/19/23, 11:45 PM