On Fri, Feb 24, 2023 at 05:56:01AM -0000, Daniel Alley wrote:
> Are you saying that DNF does an exact version match instead of making the
> assumption that packages with version >= X contain a fix for a security bug
> which the updateinfo declares to be fixed in X?
> Or that the updateinfo itself gets purged of advisories that don't apply to the
> latest versions available?

updateinfo is created by bodhi on every push with the current data.
You have foo-1.0-1.fc37 in the base repo.
foo-1.1-1.fc37 comes out as an update and it fixes a security bug.
Later foo-1.2-1.fc37 comes out and it's an enhancement.
Users that updated to 1.1-1.fc37 will just see the enhancement update.
Users that just installed or haven't updated to 1.1-1.fc37 will see just
'an enhancement update to 1.2-1.fc37' and --security will not update the