Disturbing lack of FE security updates announcements!

[Patrice Dumas]

On Thu, Nov 09, 2006 at 11:10:51AM -0500, Jesse Keating wrote:
> On Thursday 09 November 2006 10:58, Ralf Corsepius wrote:
> > The only thing that counts to end-users is receiving fixes in timely
> > manners - not users being actively notified about a maintainer claiming
> > to have addressed a particular CVE.
> 
> There are many users of Fedora in general that wish to only take in security 
> fixes and not 'random update maintainer thought was cool'.

Maybe the best would be to have the infrastructure that allows interested 
users to do the notification themselves easily without disturbing those who 
don't care. 

* if they are maintainers there could be tools such that it is easy to send
  out an advisory avec a rebuild

* for other people there could be a way to watch out the changes in fedora 
  extras packages (%changelogs) and an easy way to issue an advisory based
  on that.

And of course all that should be documented in the wiki.

Nothing should be mandatory for the package maintainers, in my opinion.

--