On Wed, Nov 19, 2008 at 10:08:09AM -0500, James Antill wrote:
> On Wed, 2008-11-19 at 10:08 +0100, Kevin Kofler wrote:
> > Seth Vidal wrote:
> > > you mean like the already existing yum security plugin and the update info
> > > that bodhi generates?
> >
> > Except it just doesn't work... 2 big problems there:
> > 1. Security updates can be obsoleted by non-security updates. So if you
> > didn't install the security update in time, you'll never get it.
> > 2. Sometimes security updates cause regressions. Usually these are fixed
> > very quickly... in a regular bugfix update. With the result that users of
> > yum-security will be stuck with the regression (or if they didn't update in
> > time, with situation 1., i.e. without the security update).
> >
> > To solve 2., fixes for regressions from security updates would have to be
> > marked security as well, or (probably better) use a new category ("bugfix
> > for security update") which is also pulled in by yum-security.
>
> This seems very dodgy to me, yes in Fedora you are likely to get a
> security errata with extra changes ... and sometimes those extra changes
> contain bugs. That doesn't mean the bugs are magically different from
> normal bugs.
> We already have bugfix and enhancement ... and we already have "yum
> update --bz 1234", for specific problems. I don't think we need/want to
> mangle what a security fix is for this.
>
> > To solve 1., the metadata would have to carry the information for the
> > security update even after it is obsoleted, and
>
> Yes, at the minimum the updateinfo.xml would have to never remove
> security data ... at best each package could also contain the latest
> security update.

https://fedorahosted.org/bodhi/ticket/259

luke
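
Problem 1 from the quoted discussion, and the effect of never removing security data from the metadata, modelled as an added example that is not part of this thread and is not yum or bodhi code. The XML is a constructed sample in the style of updateinfo.xml; the package name, notice IDs and the helper names (`prune_obsoleted`, `security_targets`) are assumptions, and version ordering is simplified to numeric dotted strings.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of updateinfo.xml; package name and IDs are made up.
FULL = """<updates>
 <update type="security"><id>EXAMPLE-2008-0001</id><pkglist><collection>
  <package name="foo" version="1.0" release="2"/></collection></pkglist></update>
 <update type="bugfix"><id>EXAMPLE-2008-0002</id><pkglist><collection>
  <package name="foo" version="1.0" release="3"/></collection></pkglist></update>
</updates>"""

def vr_key(version, release):
    # Assumption: dotted numeric strings only; real RPM ordering (rpmvercmp) is richer.
    return (tuple(map(int, version.split("."))), tuple(map(int, release.split("."))))

def load_notices(xml_text):
    notices = []
    for upd in ET.fromstring(xml_text).iter("update"):
        for pkg in upd.iter("package"):
            notices.append({"id": upd.findtext("id"), "type": upd.get("type"),
                            "name": pkg.get("name"),
                            "vr": vr_key(pkg.get("version"), pkg.get("release"))})
    return notices

def prune_obsoleted(notices):
    """Model of problem 1: only the newest notice per package survives."""
    newest = {}
    for n in notices:
        if n["name"] not in newest or n["vr"] > newest[n["name"]]["vr"]:
            newest[n["name"]] = n
    return list(newest.values())

def security_targets(installed, notices):
    """Map package -> (newest available vr, missed security notice IDs) when
    any security notice is newer than the installed build."""
    result = {}
    for name, have in installed.items():
        newer = [n for n in notices if n["name"] == name and n["vr"] > have]
        missed = sorted(n["id"] for n in newer if n["type"] == "security")
        if missed:
            result[name] = (max(n["vr"] for n in newer), missed)
    return result

if __name__ == "__main__":
    installed = {"foo": vr_key("1.0", "1")}  # host that skipped the security update
    notices = load_notices(FULL)
    print("pruned  :", security_targets(installed, prune_obsoleted(notices)))
    print("retained:", security_targets(installed, notices))
```

A host already on the security build (1.0-2) gets no target from either data set, so this model covers problem 1 only and does nothing for the regression case in problem 2.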