Disturbing lack of FE security updates announcements!
Hans de Goede
j.w.r.degoede at hhs.nl
Thu Nov 9 19:19:12 UTC 2006
Ralf Corsepius wrote:
>> The problem I'm trying to address here is that there is no way for end users
>> to find out about FE package updates which are security related. This is BAD,
> Why?
>
> The only thing that counts to end-users is receiving fixes in timely
> manners - not users being actively notified about a maintainer claiming
> to have addressed a particular CVE.
>
More conservative users may only want to upgrade because either they
want a new feature / bugfix, or because of a security issue. For those
users knowing this is important.
> Wasn't it you who recently complained about bureaucracy? To me, what you
> are doing is asking to increase the bureaucratic burdon to maintainers.
>
I maintain 80 + packages, yet I have done only 3 security fixes this
whole year. Aaiee sending 3 announcements mails every year the sheer
horror :)
No, seriously I'm very much against bureaucracy and this and this aint it.
Regards,
Hans
More information about the fedora-extras-list
mailing list