On Thu, 7 May 2015 23:27:31 +0300, Elad Alfassa wrote: > Another point is that this repo does not seem to be fast enough with > security updates, as it is operated by volunteers and doesn't seem to > have a security response team - so it sometimes takes weeks for > critical security fixes to be shipped to users. Wait a minute! You don't really want to open that can of worms. Do you know any examples about _critical_ vulnerabilities in rpmfusion.org packages? Fedora may have a security team, but there are 304 open CVE tickets about "moderate vulnerabilities" dating back as far as into the year 2012, and 38 open tickets about "important vulnerabilities" dating back into early 2013. Example: https://bugzilla.redhat.com/958305 Reported: 2013-04-30 2015-04-23: Can an update be pushed for this package? Two years have passed without any activity in that ticket. Not even any details about whether there have been new upstream releases meanwhile or whether the issue has been forwarded upstream. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
