Re: FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2010-03-03 at 07:52 +0100, Kevin Kofler wrote:
> James Antill wrote:
> >  This isn't a hard problem, 3.0 should then be marked as a security
> > update.
> 
> But the case we're discussing is that 3.0 was pushed long before it was 
> known that it happens to fix a security vulnerability. We're not going to 
> arbitrarily push another update and call it "security" when it doesn't fix 
> any security issue that's not already fixed.

 I would assume you could just change the updateinfo for the the current
update to mark it as "security", this is a tiny amount of extra work on
the packager side ... but without it all the work to create the security
types on updates is worthless.

> This is just another failure point of yum-security.

 This would be the _only_ failure point, if in fact it is policy (and
isn't going to be fixed). Of course it's such a huge issue I'll have to
make the --security option a noop in Fedora if true, no arguments there
the option would be worthless.

-- 
James Antill - james@xxxxxxxxxxxxxxxxx
http://yum.baseurl.org/wiki/releases
http://yum.baseurl.org/wiki/whatsnew/3.2.27
http://yum.baseurl.org/wiki/YumMultipleMachineCaching
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux