On Fri, Feb 24, 2023 at 05:56:01AM -0000, Daniel Alley wrote:
> Are you saying that DNF does an exact version match instead of making the
> assumption that packages with version >= X contain a fix for a security bug
> which the updateinfo declares to be fixed in X?
> Or that the updateinfo itself gets purged of advisories that don't apply to the latest versions available.

updateinfo is created by bodhi on every push with the current data.

So consider:

You have foo-1.0-1.fc37 in the base repo
foo-1.1-1.fc37 comes out as an update and it fixes a security bug.
later foo-1.2-1.fc37 comes out and it's an enhancement.

Users that updated to 1.1-1.fc37 will just see the enhancement update.
Users that just installed or haven't updated to 1.1-1.fc37 will see just 'an enhancement update to 1.2-1.fc37' and --security will not update the package.

kevin
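
The scenario in the message above, as an added example that is not part of the original post and is not DNF or bodhi code. It is a simplified model: versions are tuples, the helper names are hypothetical, and it assumes a security filter only considers advisories present in the current updateinfo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    name: str
    version: tuple   # simplified: (1, 1) stands for foo-1.1-1.fc37
    kind: str        # "security" or "enhancement"

# Constructed push history matching the scenario in the email.
HISTORY = [
    Advisory("foo", (1, 1), "security"),
    Advisory("foo", (1, 2), "enhancement"),
]

def regenerate_updateinfo(history):
    """Keep only the advisory for the newest build of each package,
    modelling updateinfo being rebuilt from current data on each push."""
    newest = {}
    for adv in history:
        if adv.name not in newest or adv.version > newest[adv.name].version:
            newest[adv.name] = adv
    return list(newest.values())

def security_update_offered(name, installed, advisories):
    """True if a security advisory names a build newer than the installed one."""
    return any(a.name == name and a.kind == "security" and a.version > installed
               for a in advisories)

def missed_security_fixes(installed_pkgs, history):
    """Packages the full history says need a security fix, but which the
    regenerated updateinfo no longer flags as security updates."""
    current = regenerate_updateinfo(history)
    return sorted(n for n, v in installed_pkgs.items()
                  if security_update_offered(n, v, history)
                  and not security_update_offered(n, v, current))

if __name__ == "__main__":
    print(missed_security_fixes({"foo": (1, 0)}, HISTORY))  # host still on 1.0
    print(missed_security_fixes({"foo": (1, 1)}, HISTORY))  # host already on 1.1
```

Hosts reported by `missed_security_fixes` are the ones a security-only update policy would leave unpatched in this model; a full update picks up the fix.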