radical suggestion for fc4 release

Mark J Cox mjc at redhat.com
Tue Feb 1 17:15:32 UTC 2005

> metapackages that use these provides. If the original intent for
> creating the provides is solely for internal auditing needs, is it
> appropriate to expose to everyone in this way?

Actually it's to assert that we're providing a backported patch for a 
security issue in a package.  This is incredibly useful to end users, 
especially those who have to respond to auditors (we get many requests 
along these lines, where a customer wants to be able to show an auditor 
that the old version of, say, OpenSSH, contains a fix for some particular 
named issue).

Cheers, Mark

More information about the fedora-devel-list mailing list