On 2/23/23 18:00, Björn Persson wrote:
Gordon Messmer wrote:
> Contrary-wise: Because Fedora updates only contains the latest built,
> once a build marked as a security fix is obsoleted by another build,
> there is no longer any indication that a security issue existed in any
> version, at which point "dnf update --security" no longer works.
There are also other dangers with installing only security fixes. If a
bugfix is released and packaged, and later it's discovered that the bug
had security implications, then no security update will be made because
the fix is already packaged. It might be possible to set a security
flag on the update after the fact, but nobody will bother with that.
I would therefore advise against using --security. If one can't install
all the updates continuously, then one should use a more stable
distribution than Fedora.
I actually use --security for the *opposite* purpose: to get security
updates from updates-testing. Only problem I can remember having is broken
syntax highlighting from a somewhat recent vim update.
Demi Marie Obenour (she/her/hers)