Re: Pondering security update time frames

On Wed, 26 Oct 2016 13:50:11 +1100
Bojan Smojver <bojan@xxxxxxxxxxxxx> wrote:

> I'm thinking, why not just have these as dump repositories (i.e. just
> signed packages) and then have dnf on each system stitch up a repo
> from them using createrepo locally. Then you don't need to teach bodhi
> anything. And the number of such urgent packages would always be very
> low. Essentially an intersection of critical path and high severity
> CVEs.

How would dnf know there are packages there without any repodata?

How would it know what key they should be signed by? 

Every Fedora dnf on every run hits the master mirror for an index?

There would also be no multilib, so people with i686/x86_64 installed
machines could see errors/not update. Also no drpms, but perhaps that's
not a show stopper. 
 
> In the meantime, when the regular bodhi composer job sees them, it
> picks them up and puts them into updates/updates-testing, as required.

Sure.

kevin



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
