Disturbing lack of FE security updates announcements!
Ralf Corsepius
rc040203 at freenet.de
Thu Nov 9 18:35:15 UTC 2006
On Thu, 2006-11-09 at 18:52 +0100, Patrice Dumas wrote:
> On Thu, Nov 09, 2006 at 11:10:51AM -0500, Jesse Keating wrote:
> > On Thursday 09 November 2006 10:58, Ralf Corsepius wrote:
> > > The only thing that counts to end-users is receiving fixes in timely
> > > manners - not users being actively notified about a maintainer claiming
> > > to have addressed a particular CVE.
> >
> > There are many users of Fedora in general that wish to only take in security
> > fixes and not 'random update maintainer thought was cool'.
>
> Maybe the best would be to have the infrastructure that allows interested
> users to do the notification themselves easily without disturbing those who
> don't care.
c.f. my previous posting. We are discussion a non-argument here.
If you want a "security only" update medium, this should be integrated
into yum.
The fundamental question would be how that would be useful and how to
separate "security updates" from "ordinary updates".
Also consider that many FE maintainers don't really care about security,
many "simply package". Also consider that many of the packages in Fedora
qualify as "exotic niche packages" which don't have a real "security
monitoring" record.
Ralf
More information about the fedora-extras-list
mailing list