)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"45df4e51209de09659f3c177ef6fd180c2e787da","unresolved":false,"context_lines":[{"line_number":9,"context_line":"Adds support for configuration of DNF repo mirrors for CentOS and EPEL"},{"line_number":10,"context_line":"repositories, as well as custom repositories."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Adds support for DNF automatic, which is a replacement for yum-crom."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Configuration is backwards compatible, falling back to the equivalent"},{"line_number":15,"context_line":"yum variables when DNF variables have not been overridden."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":15,"id":"1fa4df85_b5f25a05","line":12,"range":{"start_line":12,"start_character":66,"end_line":12,"end_character":67},"updated":"2020-03-18 17:25:21.000000000","message":"femto nit right there","commit_id":"8adca0598ccbeaab5aa052f0727e2666a9c7c0c2"}],"ansible/group_vars/all/dnf":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"45df4e51209de09659f3c177ef6fd180c2e787da","unresolved":false,"context_lines":[{"line_number":46,"context_line":"# security updates. Default value is \u0027false\u0027."},{"line_number":47,"context_line":"dnf_automatic_enabled: \"{{ yum_cron_enabled }}\""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"# DNF Automatic upgrade type. Default value is \u0027security\u0027. Note that the"},{"line_number":50,"context_line":"# equivalent yum-cron variable is named slightly differently -"},{"line_number":51,"context_line":"# yum_automatic_update_cmd."},{"line_number":52,"context_line":"dnf_automatic_upgrade_type: \"{{ yum_cron_update_cmd }}\""}],"source_content_type":"application/octet-stream","patch_set":15,"id":"1fa4df85_95c07e7e","line":49,"range":{"start_line":49,"start_character":30,"end_line":49,"end_character":57},"updated":"2020-03-18 17:25:21.000000000","message":"woe betide anyone who enables it for all packages","commit_id":"8adca0598ccbeaab5aa052f0727e2666a9c7c0c2"}],"doc/source/configuration/hosts.rst":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"45df4e51209de09659f3c177ef6fd180c2e787da","unresolved":false,"context_lines":[{"line_number":368,"context_line":""},{"line_number":369,"context_line":"   dnf_automatic_enabled:  true"},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"By default, only security updates are applied. Updates for all packages may be"},{"line_number":372,"context_line":"installed by setting ``dnf_automatic_upgrade_type`` to ``default``."},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"SELinux"},{"line_number":375,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":15,"id":"1fa4df85_3502eab5","line":372,"range":{"start_line":371,"start_character":47,"end_line":372,"end_character":67},"updated":"2020-03-18 17:25:21.000000000","message":"micronit: We could hint that this is not recommended/risky.","commit_id":"8adca0598ccbeaab5aa052f0727e2666a9c7c0c2"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"5ce10ad0ab0d2d4af805807122c672bb7e1c8122","unresolved":false,"context_lines":[{"line_number":368,"context_line":""},{"line_number":369,"context_line":"   dnf_automatic_enabled:  true"},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"By default, only security updates are applied. Updates for all packages may be"},{"line_number":372,"context_line":"installed by setting ``dnf_automatic_upgrade_type`` to ``default``. This may"},{"line_number":373,"context_line":"cause the system to be less predictable as packages are updated without"},{"line_number":374,"context_line":"oversight or testing."},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"SELinux"},{"line_number":377,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":16,"id":"1fa4df85_2dfff1ab","line":374,"range":{"start_line":371,"start_character":0,"end_line":374,"end_character":21},"updated":"2020-03-19 14:12:21.000000000","message":"Let\u0027s make sure using `security` does something though. I don\u0027t want people to get a false sense of security.\n\nI remember flagging that our package update example uses the --security flag, but on CentOS 7 security metadata is not available (only RHEL provides it), so nothing gets updated: https://forums.centos.org/viewtopic.php?t\u003d51300\n\nExample:\n\n$ rpm -qa | grep kernel-3.10\nkernel-3.10.0-1062.4.3.el7.x86_64\n$ sudo yum check-update | grep kernel.x86_64\nkernel.x86_64                           3.10.0-1062.18.1.el7     updates\n$ sudo yum update --security kernel\nLoaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.coreix.net\n * centos-sclo-rh: mirror.sov.uk.goscomb.net\n * centos-sclo-sclo: mirror.freethought-internet.co.uk\n * epel: mirrors.coreix.net\n * extras: mirrors.coreix.net\n * openstack-stein: mirrors.coreix.net\n * rdo-qemu-ev: mirrors.clouvider.net\n * updates: mirrors.coreix.net\n --\u003e kernel-3.10.0-1062.18.1.el7.x86_64 from updates removed (updateinfo)\nNo packages needed for security; 1 packages available\nResolving Dependencies\n\nYet an earlier update is flagged as security on the mailing list announcement: https://lists.centos.org/pipermail/centos-announce/2020-February/035645.html\n\nIf I run a full `yum update --security`, the result is:\n\n1 package(s) needed (+0 related) for security, out of 91 available\n\nwhich is a package from EPEL (which does provide security metadata).","commit_id":"dc32b52f08da551f23070d0915d78da0627aec3c"}]}