radical suggestion for fc4 release
Mark J Cox
mjc at redhat.com
Tue Feb 1 17:15:32 UTC 2005
> metapackages that use these provides. If the original intent for
> creating the provides is solely for internal auditing needs, is it
> appropriate to expose to everyone in this way?
Actually it's to assert that we're providing a backported patch for a
security issue in a package. This is incredibly useful to end users,
especially those who have to respond to auditors (we get many requests
along these lines, where a customer wants to be able to show an auditor
that the old version of, say, OpenSSH, contains a fix for some particular
named issue).
Cheers, Mark
More information about the fedora-devel-list
mailing list