Lack of update information

Kevin Kofler kevin.kofler at chello.at
Mon Jan 26 21:43:54 UTC 2009


Robert Scheck wrote:
> In general, I agree with you. Maintainers must and have to put information
> and details into Bodhi when submitting an update. Just "upgrade to xxx" is
> not suitable, yes. But there are exceptions sometimes, e.g. when ClamAV or
> phpMyAdmin upstream goes crazy again and pushes out the fix, tells "this
> is an important security fix, details will follow in the next days or so"
> as this already happend multiple times in the past. Usually then, it is a
> more bigger security issue with remote impacts which has to pass through
> without any stoppers except for or by the Fedora Security team.

diff -Nur foo-old foo-new
and you'll see fairly quickly what they fixed. (And it's also trivial for a
cracker to do that, so it's utterly pointless to try withholding
information that way.)

        Kevin Kofler




More information about the devel mailing list