Package update question

[oden08]

Hello, one of my Centos boxes showed up on a Nessus (vulnerability) scan for the version of glibc which is currently being distributed (glibc-2.17-196.el7_4.2). I would guess that the recommended package version (according to Nessus glibc-2.17-222.el7) is in testing so I am needing to decide if I should build from source (and break the repo update for that package) or if I can wait for the update release.

Before I decided wanted to ask generally, while a new package version is being tested is the community able to view that process i.e. if in beta or if there's a release candidate, if anyone has had issues, etc - and if so where is that?

[TrevorH]

It's part of the new point release, 7.5, that is already available via the CR repo. What's in CR now is what will be in 7.5 once it's officially released but missing a few things like centos-release, anaconda and some other things like that.

During the current point release, updates are built and released as they come out upstream from RH. When a new point release comes out, that takes longer as all packages have to be built and tested together and then checked to make sure they were built in the right order etc. Once they are built and tested, they are signed and put in the CR repo for early access and then the team move onto building the iso images etc which take more time. You don't have to wait for the iso release, you can update from CR using e.g. yum --disablerepo=\* --enablerepo=cr,base,updates,extras update --noplugins (the noplugins bit is only required if you use yum priorities - it's that or you can assign the same priority to CR as you do to base/updates).