On Sun, Nov 14, 2010 at 13:59:24 +0100, Till Maas <opensource@xxxxxxxxx> wrote: > > If there are no security updates, people can not apply them. So what is > worse? If people stop applying updates, then it is at least their > decision. If there are no updates, people can only choose not to use Many people are going to just pull updates. They aren't going to make a decision on their own. Security updates aren't all created equal. While the case that was referenced in this was easily remotely exploitable, not all security issues expose a system to that level of risk. > The optimal case is to provide well tested security updates fast, but > this is not what Fedora achieves. In my example there is no indication > that the update was especially tested, because it did not get any karma. > And it was not provided fast. There is definitely a problem that needs fixing. But I don't think changing the goal to untested security updates provided quickly is the preferred solution. Perhaps we should have a way to draw attention to high priority updates. Generally we need more testers and need to make them more efficient. (Test plans for packages can make testing more efficient and accurate.) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel