On Wed, 2010-03-03 at 07:52 +0100, Kevin Kofler wrote: > James Antill wrote: > > This isn't a hard problem, 3.0 should then be marked as a security > > update. > > But the case we're discussing is that 3.0 was pushed long before it was > known that it happens to fix a security vulnerability. We're not going to > arbitrarily push another update and call it "security" when it doesn't fix > any security issue that's not already fixed. I would assume you could just change the updateinfo for the the current update to mark it as "security", this is a tiny amount of extra work on the packager side ... but without it all the work to create the security types on updates is worthless. > This is just another failure point of yum-security. This would be the _only_ failure point, if in fact it is policy (and isn't going to be fixed). Of course it's such a huge issue I'll have to make the --security option a noop in Fedora if true, no arguments there the option would be worthless. -- James Antill - james@xxxxxxxxxxxxxxxxx http://yum.baseurl.org/wiki/releases http://yum.baseurl.org/wiki/whatsnew/3.2.27 http://yum.baseurl.org/wiki/YumMultipleMachineCaching -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel