Frequently Asked Questions about CentOS in general
- What is CentOS Linux?
- How long after Red Hat publishes a fix does it take for CentOS to publish a fix?
- Where are the Release Notes for a given version?
- How do I get Updates?
- Many RPMs still contain the name redhat, rhel, or rh. Shouldn't these be changed?
- Does CentOS change the upstream Source RPMs?
- Is there a Contrib area?
- What is CentOS's relationship with Red Hat®, Inc. or RHEL?
- Where can I get package XyZ.rpm for CentOS?
- What architectures are supported?
- Why does YUM complain about missing a GPG key under CentOS? Or I just installed CentOS and yum keeps reporting that the correct GPG key is not installed. How do I install it?
- The upstream provider offers Enterprise Linux in several flavors, AS, ES, WS, PWS, etc. Which one is CentOS like?
- How can I easily compare what major package versions are in CentOS 5 and CentOS 6?
- What are all the CentOS repositories (directories) and what is each one for?
- What is the versioning/release scheme of CentOS and how does it compare to the upstream vendor?
- How do I download and burn the CentOS isos?
- Can I add X to my server after install? Or I installed from the Server ISO and it didn't install X, how do I install X?
- How do I create a xorg.conf file?
- What are the Maximum number CPUs, Maximum filesystem size, Minimum / Maximum Memory and other specifications associated with the different CentOS versions?
- There is no mp3 support in CentOS! Or is there? How about other multimedia formats?
- What is the support ''end of life'' for each CentOS release?
- Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.
- A PCI audit says I am running a version which has CVE exploits in it
- How do I install or update on a system with no network connection?
- I installed the x86_64 version, so why do I have i386 packages, and can I get rid of them?
- How do I provide appropriate information about my system when asking questions?
- How do I upgrade from one major release to another?
- Why was there no package selection step when I've tried to install CentOS using the LiveCD/LiveDVD?
- Why is the CentOS Project Spamming me?
- Why is the CentOS Project taking over my Website?
- How does CentOS versioning work?
1. What is CentOS Linux?
CentOS Linux provides a free enterprise class computing platform to anyone who wishes to use it. CentOS Linux releases are built from publicly available open source SRPMS provided by Red Hat, Inc (often referred to as "Upstream" or "The Upstream Vendor (TUV)") for Red Hat Enterprise Linux (often referred to as “the upstream product” or RHEL).
CentOS conforms fully with the upstream vendors redistribution policies and aims to be functionally compatible with the upstream product. (CentOS mainly changes packages to remove upstream vendor branding and artwork.).
CentOS Linux does not contain the upstream vendor's product or certifications, although it is built from the same open source SRPMS as the upstream enterprise products.
2. How long after Red Hat publishes a fix does it take for CentOS to publish a fix?
Our goal is to have individual RPM packages available on the mirrors within 72 hours of their release, and normally they are available within 24 hours. Occasionally packages are delayed for various reasons. On rare occasions packages may be built and pushed to the mirrors but not available via yum. (This is because yum-arch has not been run on the master mirror. This may happen when issues with upstream packages are discovered shortly after their release, and if releasing the package would break it's functionality.)
Update Sets (see this FAQ) will have Security Errata released was stated above, while the BugFix and Enhancement errata are actually tested more rigorously and released after the new ISO for the Update Set is produced. The goal for release of a new point release or update set is four to eight weeks after the release by upstream. For more details see the explanation of The CentOS Rebuild and Release Process
During the period between the upstream release of a new minor version and the CentOS release intermediate updates will be published in a Continuous Release (CR) repository.
3. Where are the Release Notes for a given version?
Release Notes have last minute documentation or describe a commonly encountered problem, when a given release has a variation from the formal documentation. Release Notes are also used when there is a need to emphasize some change. The Release Notes vary, not unexpectedly, both by major release (CentOS 6, 5, ...), and also with each new minor 'point' update within a major release. This compilation collects links to each Release Note.
4. How do I get Updates?
CentOS ships with an application called yum that serves as our recommended tool for performing updates and package installation. Please see PackageManagement, PackageManagement/Yum, and this guide for Managing software with Yum.
A version of up2date is also provided that does not connect to the upstream vendor, but instead connects to the CentOS Network (CN) for updates. Starting with CentOS 4, yum will import the key, but only after the user sees the key and can verify it is authentic.
There is a separate FAQ question concerning how to import the CentOS RPM signature key.
Note on using yum: Starting with CentOS-4 we use a newer version of yum (as compared to CentOS-3), so there is a new metadata system that has the hdr files compressed in a single file (and not lots of small header files).
5. Many RPMs still contain the name redhat, rhel, or rh. Shouldn't these be changed?
The upstream vendor is using open source (mostly GPL) software in their business model. They take software that other people write (Gnome.org, X.org, KDE.org, OpenOffice.org to name a few). They repackage the source files into RPM format for redistribution. Because they chose an open source model to obtain the software they distribute, they must provide their source code to others. That is how the GPL works. The upstream vendor provides much added value by creating the Source RPMS and distributing them. They also fix problems in software and provide feedback to the software developers ... this is what makes open source software work.
The CentOS Project takes the publicly available source packages (SRPMS) provided by the upstream vendor and creates binary (installable) packages for use by anyone who wishes to use them.
Some packages contain Trademark information and the upstream vendor has specifically created a guide to redistribute software built from their publicly available sources. You can read about it here. We support the upstream vendors Trademark rights and strive to be in full compliance with those guidelines.
The CentOS project is not interested in taking credit for work done by others, so where possible we will leave all vendor file names as they are. If we must make any changes to a package (due to trademark restrictions, to setup a configuration file, etc.), it will have a .centosx in the filename (the x is the CentOS version ... 5 for CentOS-5.x, 6 for CentOS-6.x, etc.) As do most of the other rebuild projects, we change the kernel SRPM and do not label it .centosx. This is because the kernel needs to be exactly the same name to allow 3rd party modules to function.
I would like to thank the upstream vendor for making the SRPMS available in the manner that they do. There are several other enterprise vendors who do not make their source as readily available. Their product is excellent (or we would not rebuild it as CentOS), as is their support. If you need the support services that they provide, we highly recommend their enterprise product.
6. Does CentOS change the upstream Source RPMs?
No. CentOS' key mandate for our base and updates repositories is NOT extending or enhancing packages or features beyond those supplied by the upstream Source RPM's. CentOS strives intentionally to be a simple binary-functional clone for our users. CentOS does offer other (optional) repositories called extras, addons, contribs, and centosplus that do offer added functionality. There is a Wiki page about the various CentOS repositories and their purposes.
7. Is there a Contrib area?
Yes. Please see the Wiki page on Contributing to the CentOS project
8. What is CentOS's relationship with Red Hat®, Inc. or RHEL?
Red Hat curates the trademarks for CentOS and is providing initial guidance and expertise required in establishing the formal board structure used to govern the CentOS Project.
Some members on the CentOS Project Governing Board work for Red Hat, Inc.
CentOS Linux is NOT supported in any way by Red Hat®, Inc.
CentOS Linux is NOT Red Hat® Linux, it is NOT Fedora™ Linux. It is NOT Red Hat® Enterprise Linux. It is NOT RHEL. CentOS Linux does NOT contain Red Hat® Linux, Fedora™, or Red Hat® Enterprise Linux.
CentOS is built from publicly available source code provided by Red Hat, Inc.
9. Where can I get package XyZ.rpm for CentOS?
The Wiki has a page about the CentOS and other ''friendly'' repositories. Chances are good that one of those repositories has the package you are looking for.
10. What architectures are supported?
Only Major versions still in support upstream are considered here. Previously other architectures had candidates as well, but this is the current list as of August 2012:
CentOS 5 currently supports x86 and x86_64.
CentOS 6 currently supports x86 and x86_64.
11. Why does YUM complain about missing a GPG key under CentOS? Or I just installed CentOS and yum keeps reporting that the correct GPG key is not installed. How do I install it?
12. The upstream provider offers Enterprise Linux in several flavors, AS, ES, WS, PWS, etc. Which one is CentOS like?
CentOS is built from the publicly provided AS Enterprise Sources, although all of the above versions are built from the same sources. AS is either a larger subset of packages (than PWS and WS) or has advanced Kernel parameters supporting larger number of processors or memory (as compared to ES).
With the upstream provider, AS supports some IBM architectures not supported by the other versions (ES, PWS, WS). CentOS is built like the AS version.
Consult: What release am I running?
13. How can I easily compare what major package versions are in CentOS 5 and CentOS 6?
On the CentOS Distro Page at DistroWatch.com you can compare Major packages and all tracked packages. DistroWatch is a good resource for comparing Linux and BSD distributions.
14. What are all the CentOS repositories (directories) and what is each one for?
- Contains packages required in order to build the main Distribution or packages produced by SRPMS built in the main Distribution, but not included in the main Red Hat package tree (mysql-server in CentOS-3.x falls into this category). Packages contained in the addons repository should be considered essentially a part of the core distribution, but may not be in the main Red Hat Package tree.
- Packages contributed by CentOS Developers and the Users. These packages might replace rpm's included in the core Distribution. You should understand the implications of enabling and using packages from this repository.
- Packages contributed by the CentOS Users, which do not overlap with any of the core Distribution packages. These packages have not been tested by the CentOS developers, and may not track upstream version releases very closely.
- Contains manuals and release notes for CentOS
- Packages built and maintained by the CentOS developers that add functionality to the core distribution. These packages have undergone some basic testing, should track upstream release versions fairly closely and will never replace any core distribution package.
- Contains the ISOs for download. On the main CentOS mirror sites ISOs cannot be downloaded directly, but we provide a Bittorent file for downloading. On external public mirrors, ISOs may or may not be directly downloadable (at the discretion of the mirror owner).
- Contains the base OS tree that is on the Main ISO files.
- Contains updates released for the CentOS distro.
- Contains updates from the next point-release which went through basic QA but have not yet been released as a new CentOS point release.
Contains RPMs with debugging symbols generated when the primary packages are built. No repo config is provided. These packages are found at http://debuginfo.centos.org/
This repository is a proving grounds for packages potentially on their way to CentOSPlus and CentOS Extras. They may or may not replace core CentOS packages, and are not guaranteed to function properly. These packages build and install, but are waiting for feedback from testers as to functionality and stability. Packages in this repository will come and go during the development period, so it should not be left enabled or used on production systems without due consideration. No repo config is provided by default. CentOS-Testing.repo can be put in /etc/yum.repos.d. Contribute to CentOS by reporting problems or successes on the CentOS Developer's list. Use with caution.
See the Repositories page for more information.
15. What is the versioning/release scheme of CentOS and how does it compare to the upstream vendor?
The upstream vendor has two versions of enterprise Linux that CentOS rebuilds from the freely available SRPMS (see About CentOS for the details). So, the major CentOS releases are CentOS 5 and CentOS 6. The upstream vendor releases security updates as required by circumstances. CentOS releases rebuilds of security updates as soon as possible. Usually within 24 hours (our stated goal is with 72 hours, but we are usually much faster).
The upstream vendor also releases numbered update sets for Version 5 and Version 6 of their product (Currently EL 5 update 8 and EL 6 update 3 -- so called "point releases") twice a year in recent experience. There are new ISOs from the upstream vendor provided for these update sets. Update sets will be completed as soon as possible after the vendor releases their version. For more details see the explanation of The CentOS Rebuild and Release Process
CentOS follows these conventions as well, so CentOS 5.8 correlates with EL 5 update 8, CentOS 6.3 correlates to EL 6 update 3, etc.
One thing some people have problems understanding is that if you have any CentOS-x product and update it, you will be updated to the latest CentOS-x.y version.
The same is true for CentOS-5 and CentOS-6. If you update any CentOS-5 or CentOS-6 product, you will be updated to the latest CentOS-5.y or CentOS-6.y version.
Any point release is just a "snapshot" with previous updates, plus the latest batch of new upstream updates, rolled into a new [base] repo with an initially empty [updates] repo. Unless you have defeated the $baserelease mechanism and the conventional symbolic link for the major release (currently 6) pointing to the current point release (6.x) upgrades between point releases happen "automagically".
Old point releases are never supported. If you want/need to "freeze" at an old point release you are on your own.
This is exactly the same behavior as the upstream product. Let's assume that the latest EL5 product is update 8. If you install the upstream original EL5 CDs (the ones before any update set) and upgrade via their up2date tool, you would receive their latest update set (EL5 update 9 in our example). Since all updates within a major release (CentOS 5 or CentOS 6) always upgrade to the latest version when updates are performed (thus mimicking upstream behavior), only the latest version is maintained in each main tree on the CentOS mirrors.
There is a CentOS Vault containing older CentOS trees. This vault is a picture of the older tree when it was removed from the main tree, and does not receive updates. It should only be used for reference.
16. How do I download and burn the CentOS isos?
You can download the latest CentOS ISOs from here: CentOS Downloads
After you download the ISOs, you should check the MD5 sums (or better sha1 or sha265 sums) of the ISO file(s) that you downloaded against the published md5sum (again sha1 or sha265 sums) list in the ISO directory. If the values match, the download is good ... if they do not match, the file was not downloaded correctly, and you need to get the file over again. Bittorrent downloads are best, because they do an MD5sum check as part of the download process. Generally the DVD media is preferable as it avoids switching media during installation, and can be used via the pre-defined [c5-media] repo definition for local installation of additional packages via yum. Some environments block P2P file sharing including Bittorrent, in which case direct download is the only viable option. The mirrors that support it can be found via the "Downloads/Mirrors" drop-down on the menu bar at the top of Home or Forum pages. Then pick the link Current CentOS Public Mirror List, pick your geographic region, and look down the column labeled "Direct DVD Downloads" to find a suitable mirror near you.
Once you have verified the checksums of the ISO, you know you have a good download. Now you can burn the ISO to a disk. If you have k3b (CentOS-4 users do, all other CentOS users do not by default) I recommend you use it. You want to use the Tools -> CD -> Burn CD Image or Tools -> DVD -> Burn DVD ISO Image option to write the ISO file to a CD/DVD.
More information on how to verify and burn a CD ISO image can be found at http://www.centos.org/docs/5/html/CD_burning_howto.html.
Once the CD is burned, you should be able to boot from it. The last check you need to do is to verify the media. This will verify that the writing of the ISO to your media happened correctly. There will be a Check Media option after you select your keyboard and language.
If your media passes this check (make sure to check each disc for multiple media sets), you have a fully working installable media. If it fails this check, but passed the md5 (or sha1 or sha265 sum) check above, then the problem is with the burned media. Try burning on new media at a slower speed, if possible.
All CentOS ISOs that we release have been checked, so if the checksums that you have match, the ISOs should burn clean and pass the media checks. If they do not, the problem is almost always a bad media write to CD/DVD.
If you would rather buy your CentOS ISOs already burned, please see our official CentOS CD/DVD Vendors page. These official CentOS vendors donate a portion of each CD/DVD sale directly to the CentOS Project. You get a tested ISO ready to use ... we get money ... does it get any better than that
17. Can I add X to my server after install? Or I installed from the Server ISO and it didn't install X, how do I install X?
The easiest way to install X (and a GUI system) is to use the `yum groupinstall` feature. First you can see all the yum groups available with the command: yum grouplist You can install X and Gnome or KDE as follows:
CentOS-5 yum groupinstall "X Window System" "GNOME Desktop Environment" or yum groupinstall "X Window System" "KDE (K Desktop Environment)"
CentOS-6 yum groupinstall "X Window System" "Desktop" or `yum groupinstall "X Window System" "KDE Desktop".
You may also want to add some other groups from the list like `"Graphical Internet" or "Office/Productivity"`
Note: If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug. Please see CentOS-5 FAQ for details.
18. How do I create a xorg.conf file?
Upstream X developers have worked to make the /etc/X11/xorg.conf un-needed in the usual case. However sometimes one needs to 'tweak' settings for multiple display heads or such. A template xorg.conf may be created by root thus:
Xorg :1 -configure
which produces a file named: xorg.conf.new in the current working directory. This file may be tested using the -config option for Xorg. Once suitable, a backup may be made and the file can be placed in the /etc/X11/ directory to be used as the default configuration file.
19. What are the Maximum number CPUs, Maximum filesystem size, Minimum / Maximum Memory and other specifications associated with the different CentOS versions?
See the CentOS Product Wiki Page
20. There is no mp3 support in CentOS! Or is there? How about other multimedia formats?
Yes. There is no mp3 support in CentOS, as there is no mp3 support in the distribution sources as provided from upstream. While the CentOS Project simply rebuilds what is available upstream, these have been excluded because of legal (patent license) issues. You either can encode your music files to ogg vorbis, which is supported in CentOS or install mp3 support from a third party repository, such as rpmforge. For example: If you want mp3 support for xmms, then install xmms-mp3 from that repository.
The same is true for several other multimedia formats (codecs, for example: gstreamer plugins) and multimedia players like xine or mplayer. These aren't packaged with CentOS because of legal issues, but you may find those in the rpmforge repository.
21. What is the support ''end of life'' for each CentOS release?
CentOS-3 updates until Oct 31, 2010
CentOS-4 updates until Feb 29, 2012
CentOS-5 updates until Mar 31, 2017
CentOS-6 updates until November 30, 2020
CentOS-7 updates until June 30, 2024
22. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.
CentOS is an Enterprise-class operating system and as such is more about stability and long-term support than cutting edge. Major package versions are retained throughout the life cycle of the product. This is generally what Enterprise wants and affords developers a stable base on which to develop without fear that bespoke applications will break every time something gets upgraded to the latest and greatest, but ultimately buggy version or the API changes breaking backwards compatibility.
So no, you will generally NOT find the very latest versions of various packages included in an Enterprise-class operating system such as CentOS. It's a feature not a deficiency.
23. A PCI audit says I am running a version which has CVE exploits in it
It is of course possible if you have not run updates, or have not rebooted after an update. As always in a maintenance strategy, you should test updates on a non-production machine, and have a current and tested backup, taken before running the update tool.
Security patches and bug fixes are backported into the shipped version. See here for details: http://www.redhat.com/advice/speaks_backport.html Simply reading a version number on a package or a banner from network scanning is not sufficient to indicate a vulnerability, in light of this approach. Most reputable vendors understand this, but some seem to not account for the upstream approach in their product's reporting interface.
The changelog of each package generally specifies CVE matter addressed with patches. A CVE number is a commonly used reference to refer to vulnerabilities. As an example consider httpd which may be examined thus:
rpm -q --changelog httpd | less
or even this:
rpm -q --changelog httpd | grep CVE
People regularly appear in CentOS support venues asserting that a PCI assessor, or a web driven scanning tool is reporting that they need to update to some specific version of software not shipped in CentOS. PCI does not mandate specific version levels, but rather freedom from known testable vulnerabilities, usually expressed in the shorthand CVE number fashion. If a scan report is complaining about package versions, the person providing it is probably not doing it right, as the popular meme goes. CentOS and its upstream are continuously updated, and the CVE's addressed are reflected in the aforementioned changelog, so running a protective backup, updating, and rebooting or restarting the affected daemon service should address the matter. Other approaches, such as using one keyed to package version numbers, are simply wrong.
Please also read about the Wiki article Software Installation from Source. Obviously in the case where the administrators of a given installation have undertaken to extend a CentOS installation with local or non-CentOS provided binaries, the CentOS project cannot provide updates or maintain such divergence.
24. How do I install or update on a system with no network connection?
See the Wiki article Creating Update Media. The technique described there also works with DVD installation media. The key technique is
yum --disablerepo=\* --enablerepo=c5-media <yum_command_and_argument(s)>
25. I installed the x86_64 version, so why do I have i386 packages, and can I get rid of them?
CentOS follows the upstream source in this respect, as it does in general, and the x86_64 installation by default will install iX86 32-bit packages on a 64-bit installation for compatibility purposes. Many server system administrators (and some desktop users) want a pure 64-bit system and so remove all 32-bit packages. This can be accomplished as follows:
yum remove \*.i\?86
To keep any 32-bit packages from being installed in future updates, edit your /etc/yum.conf and add the line:
exclude = *.i?86
Be aware that 32-bit applications, including some third-party (non-CentOS) browser plugins that may only be available in 32-bit versions, will no longer work after this procedure.
You may also want to do this:
yum reinstall \*
The reason is that sometimes the /usr/share/ items (shared between BOTH packages) get removed when removing the 32-bit RPM packages.
26. How do I provide appropriate information about my system when asking questions?
27. How do I upgrade from one major release to another?
Upgrades in place are not supported nor recommended by CentOS or TUV. A backup followed by a fresh install is the only recommended upgrade path. See the Migration Guide for more information.
28. Why was there no package selection step when I've tried to install CentOS using the LiveCD/LiveDVD?
Installing CentOS from the live images is just a simple transfer of the image that exists already on the CD (or DVD). Once the image is copied to the hard disk, you can adjust the set of installed packages using yum as you would do on any other CentOS system. If you need to make the selection of packages at install time, please use one of the other installation disks instead of the live isos.
29. Why is the CentOS Project Spamming me?
They probably are not doing so. CentOS is an Operating System, like Microsoft Windows 7 or Mac OSX. Operating systems are installed on computers and people then use those computers to do things. Some things they do are good, other things they do are bad. However, the CentOS Project has no control over what people do with computers where the CentOS operating system is installed, any more than Microsoft has any control over who you send email to if your computer has the Windows 7 operating system.
If you saw a page that looks like this and that is what lead you to believe that the CentOS Project sent you an email, then you need to read the bottom paragraph more carefully. It says this:
CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. If you have issues with the content of this site, contact the owner of the domain, not the CentOS project. Unless this server is on the CentOS.org domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.
For example, if the website is www.example.com, you would find the owner of the www.example.com machine using the following WHOIS server and searching for www.example.com.
If you have an ip address, you can use the American Registry for Internet Numbers to find the owner of the machine. Note: If the IP address is not in the United States, ARIN will tell you the proper Regional Internet Registry to use.
It is the owner of the machine, and not the people who make the operating system that is sending you e-mail.
30. Why is the CentOS Project taking over my Website?
They are not. CentOS is an Operating System based on the Linux kernel. CentOS powers millions of Web Servers on the Internet, in fact it is currently the 2nd most used Linux operating system for web servers in the world (see Survey).
The "Powered By" page you are seeing is the default page when there is no content to show for a given site. This can be caused by a several issues, but the three most common are:
- You have just finished a web server install and you have not added any content to the machine.
- A web server misconfiguration where the configured location is empty.
A Domain Name System issue where the name for the website in question is not pointing to the proper IP address.
The way to get this problem fixed is to talk to the person who configures either the web server or your domain names. The CentOS Project can not do either of those things on anyone else's machines.
31. How does CentOS versioning work?
CentOS versions have 2 (or maybe 3) components that are seperated by a period. The 3 components are Major Release (M), Minor Release (m), and Date Code (d). The date component will be YYMM (and if required, DD). The way they are used is in a string that looks like this:
So, as an example, 7.0.1406 would have 7 as a Major Release, 0 as a Minor Release, and 1406 as a date (meaning Jun 2014). In an other example, 5.11 would be 5 as the Major Version, 11 as the Minor Version and there is no Date Code. Minor versions are also called 'point releases' This is akin to Service Packs concept in Microsoft Windows.
The first thing to understand about CentOS versioning is that we only maintain the 'Latest' major version. Minor versions are nothing more than point in time snapshots of Major versions. What this means is CentOS-5.10 and CentOS-5.11 are point in time snapshots of CentOS-5.
Yum uses a 'Release Version' ($releasever) when doing updates and that always corresponds to the Major version. In the case of both CentOS-5.10 and 5.11, that Major Version or $releasever is 5. The minor versions are just different snapshots of a major version.
You should NOT try to maintain yourself on a specifc minor version CentOS as all updates (security, bugfix or enhancement) are staged. That means that if an update comes out today, it is built for/on and expects every other update before it to be applied for before it is applied. If you install a bash compiled for CentOS-5.10 on CentOS-5.4, it may or may not work correctly.
CentOS is designed for you to be running CentOS-5, CentOS-6, CentOS-7 (major version). Any time you run a yum update, no matter what you installed from, you will be upgraded to the latest update for that major version. This means if you install from a CentOS-5.3 ISO and then run 'yum update' , you will be updated to CentOS-5 latest (at the time of this answer, 5.10) with all updates installed. If you installed from a CentOS-6.1 ISO, then ran 'yum update', you would be at CentOS-6 lastest (at the time of this question, 6.5) with all updates.
This means CentOS is designed for you to pick a Major branch (right now CentOS-5, CentOS-6, or CentOS-7) and you will always be at Major.latest when you run updates. It also means CentOS-6.3 is just CentOS-6.latest minus the security and bugfix updates released since you stopped updating. It is very unsafe to run in these conditions .. you should always maintain your systems up to date.
CentOS-7 also has a date componet. We may (or may not) also roll the date componet back into older versions of CentOS. The date componet does not do anything more than show the year and month of the release.