On 2023-02-22 10:48, Kevin Fenzi wrote:
On Wed, Feb 22, 2023 at 05:38:23AM +0100, Kevin Kofler via devel wrote:
I remember that in ancient times (pre Core-Extras Merge), some Fedora
repository (IIRC, the old Fedora Extras) used to ship not only the latest
build for each package, but the TWO latest builds,
Cons:
* It will allow for more easily tricking people into downgrading to a
version that has serious security problems so they could be exploited.
Contrary-wise: Because Fedora updates only contains the latest built,
once a build marked as a security fix is obsoleted by another build,
there is no longer any indication that a security issue existed in any
version, at which point "dnf update --security" no longer works.
That might be a problem only for systems that are updated less
frequently than the window between a security update and a later build,
I still think it's a flaw that should be fixed.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
