[Spacewalk-list] Errata...purpose?

Steve Meier email at steve-meier.de
Tue Jan 22 20:47:18 UTC 2019 

Hi Dave,

since I have done a lot of stuff around Errata in the last few years
(see https://cefs.steve-meier.de), I wanted to share my knowledge.

Errata for RedHat/CentOS come in three "flavours": Security, Bugfix and
Enhancement. An erratum includes one or more RPMs that fixes one or
more bugs of that flavour.

Let's look at a specific example: CESA-2019:0049
(Source: 
https://lists.centos.org/pipermail/centos-announce/2019-January/023143.html)

This erratum holds three important pieces of information for a sysadmin.
It's a security update, its severity is "Important" (which is the second
highest) and you need to install "systemd-219-62.el7_6.2.x86_64.rpm" 
(plus
its dependencies also listed) to remediate this on your system.

When you run "yum check-update" on a standalone CentOS server, the only
information you will see is that "systemd-219-62.el7_6.2.x86_64.rpm" 
(again,
plus dependencies) is available. The CentOS repositories do not contain
additional information about these updates (type, severity, release 
date, etc.).

When you have Spacewalk and Errata loaded you will get a nice overview 
of
how many systems have which Errata outstanding and what their type and
severity is. You will also be able to schedule the installation of the
those updates easily.

Especially in an environment where compliance (HIIPA, PCI, SOX, etc.) is
important, such an overview can be very valuable.

In my past job as a sysadmin I would go through this list each week and
put the installation of security updates into our change plan for the
coming week. Once the next audit rolled around we could just pull out
these plans and prove that we had kept up with security patching.

Let me know if you have further questions.

Kind regards,
   Steve


Am 2019-01-22 19:45, schrieb Dave Thoms:
> I have a Spacewalk 2.8 install on CentOS 7.x.  I've done a fair amount
> of digging to understand what errata actually is.  Why it's needed
> when you are already getting all updates.  Whether it applies to ALL
> repos or just the official ones for CentOS.  Does anyone have a handle
> on this - fundamentally speaking?
> 
> Thanks in advance,
> 
> Dave T. The information in this e-mail (including attachments, if any)
> is considered confidential and is intended only for the recipient(s)
> listed above. Any review, use, disclosure, distribution or copying of
> this e-mail is prohibited except by or on behalf of the intended
> recipient. If you have received this email in error, please notify me
> immediately by reply e-mail, delete this e-mail, and do not disclose
> its contents to anyone. Any opinions expressed in this e-mail are
> those of the individual and not necessarily the TruHearing group.
> Thank you.
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list