[Openstack-security] Preferred os for rapid security patches of openstack

Kurt Seifried kseifried at redhat.com
Sun Jun 1 18:36:56 UTC 2014


On 06/01/2014 12:01 PM, kesten broughton wrote:
> Is there any difference in the rate at which security patches get
> applied between OSes? In particular, I'm trying to compare CentOS
> 6.5 vs Ubuntu 14.04.
> 
> What is the process through which security-only patches get passed
> on to production deployments of OpenStack?
> 
> Is there a difference in the amount of coverage testing for
> security services between OSes?
> 
> kesten
> 
> 

Are you talking about security patches to OpenStack itself? I assume
you're not talking about the underlying operating system. Anyway, if
this is OpenStack-specific, then my next question would be:

How did you install OpenStack on CentOS/Ubuntu? For CentOS your
choices would be:

- From upstream source
- From EPEL
- From RDO
- From something else?

All of which, of course, have different patching schedules/rates. My
advice would be to pick, say, the last two dozen CVEs, then research
when they were fixed in each distribution and compare, and you'll have
your answer.

--
Kurt Seifried - Red Hat - Product Security - Cloud stuff and such
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



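The comparison suggested in the reply above, as an added example that is not part of the original message: given each CVE's disclosure date and the date each install channel shipped its fix, it reports median and worst-case days to fix plus anything still unfixed. The CVE ids, channel names, dates and the `patch_latency` helper are all constructed placeholders.

```python
from datetime import date
from statistics import median

# Constructed sample data: placeholder ids and dates, not real advisories.
# "fixed" maps an install channel to the date its fix shipped.
# None = affected but no fix shipped yet; a missing channel = not affected.
SAMPLE = {
    "CVE-PLACEHOLDER-0001": {"disclosed": date(2014, 3, 3), "fixed": {
        "channel-a": date(2014, 3, 5), "channel-b": date(2014, 3, 12)}},
    "CVE-PLACEHOLDER-0002": {"disclosed": date(2014, 4, 10), "fixed": {
        "channel-a": date(2014, 4, 10), "channel-b": date(2014, 4, 24)}},
    "CVE-PLACEHOLDER-0003": {"disclosed": date(2014, 5, 1), "fixed": {
        "channel-a": date(2014, 5, 8), "channel-b": None}},
    "CVE-PLACEHOLDER-0004": {"disclosed": date(2014, 5, 20), "fixed": {
        "channel-a": date(2014, 5, 21)}},
}

def patch_latency(records, as_of):
    """Summarise days-from-disclosure-to-fix per install channel."""
    per_channel = {}
    for cve, rec in records.items():
        for channel, fixed_on in rec["fixed"].items():
            stats = per_channel.setdefault(channel, {"days": [], "open": []})
            if fixed_on is None:
                # Unfixed: record current exposure instead of dropping it,
                # otherwise a slow channel looks better than it is.
                stats["open"].append((cve, (as_of - rec["disclosed"]).days))
            else:
                # A fix shipped on or before disclosure counts as 0 days.
                stats["days"].append(max(0, (fixed_on - rec["disclosed"]).days))
    summary = {}
    for channel, stats in per_channel.items():
        days = stats["days"]
        summary[channel] = {
            "fixed": len(days),
            "median_days": median(days) if days else None,
            "worst_days": max(days) if days else None,
            "still_open": sorted(stats["open"]),
        }
    return summary

if __name__ == "__main__":
    for channel, row in sorted(patch_latency(SAMPLE, date(2014, 6, 1)).items()):
        print(channel, row)
```

Reporting unfixed CVEs separately matters: a channel that fixes a few issues quickly and ignores the rest would otherwise show a misleadingly low median.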



