FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

James Antill james at fedoraproject.org
Wed Mar 3 15:26:51 UTC 2010


On Wed, 2010-03-03 at 07:52 +0100, Kevin Kofler wrote:
> James Antill wrote:
> >  This isn't a hard problem, 3.0 should then be marked as a security
> > update.
> 
> But the case we're discussing is that 3.0 was pushed long before it was 
> known that it happens to fix a security vulnerability. We're not going to 
> arbitrarily push another update and call it "security" when it doesn't fix 
> any security issue that's not already fixed.

 I would assume you could just change the updateinfo for the current
update to mark it as "security", this is a tiny amount of extra work on
the packager side ... but without it all the work to create the security
types on updates is worthless.

> This is just another failure point of yum-security.

 This would be the _only_ failure point, if in fact it is policy (and
isn't going to be fixed). Of course it's such a huge issue I'll have to
make the --security option a noop in Fedora if true, no arguments there
the option would be worthless.

-- 
James Antill - james at fedoraproject.org
http://yum.baseurl.org/wiki/releases
http://yum.baseurl.org/wiki/whatsnew/3.2.27
http://yum.baseurl.org/wiki/YumMultipleMachineCaching

