Love what is happening here, but I am curious what the on-going CVE notifications are going to look like. While I can probably figure out a way to download and parse the errata it currently doesn’t look like it will provide me with what new/hasn’t been patched CVEs have come out.
Is there a current “preferred” method for this that I can use to show security conscious people that this is the correct distro to move to before CentOS goes EOL at end of year?
I thought that CentOS has no notifications? You just run ‘update’ regularly.
If baseline has been “nothing” and that has been sufficient, …
Is data in this correct? EL8 Distro Comparison | AlmaLinux Wiki
Rocky Linux offers errata for updates which are built as soon as they are available upstream. The errata information can be found at https://errata.rockylinux.org/. All features such as
dnf update --security,
dnf updateinfo --security, and others relating to advisories, CVEs, and other Errata-specific flags and features for DNF should work.
Please let me know if you have any questions about this! I’m going to open a PR for that Almalinux page to fix up the comparison, as we do in fact have the errata information… and we should probably make a dedicated post about it and how to use it!