On Thu, 20 Dec 2007 08:41:24 +0100, Thorsten Leemhuis wrote: > [...] there are currently up to four (or even > more) days between pushes afaics (the last one right now for example was > on 15 December 2007): > > * for normal updates that's not a problem, but I think four days are a > to long delay for updates that fix security issues. If that is true, then wtf is the purpose of the "security" check-box in bodhi if it doesn't inform release engineers about the necessity to push a security related update? For Extras I've asked packagers to mark their packages appropriately (in the cvs commit comment or %changelog entry, adding the CVE id or stating that it's a "security/vulnerability fix") in order to help deciding when to push the next time or what to push quickly with a delayed build report. > And, BTW, what's exactly the problem with "moving target for all > mirrors"? There were (are?) yum problems iirc (¹), but I suppose we can > fix them if we want? If the master site is modified too often, the window, during which mirrors can sync a complete set [*] of changes, becomes smaller. I guess Matt Domsch can tell how often mirrors sync on average. [*] packages plus matching metadata > CU > thl > > (¹) -- downloading metadata from one mirror, download error on it, > switching to another mirror that has even new push where the file yum > tries to download is already is gone again That's one of the problems. Files not found, persistent metadata checksum errors (older repomd.xml from previous mirror in conjunction with newer metadata from other mirrors), users seeing update announcements but tools not seeing the updates [yet]. And last but not least, do you like being notified about system updates daily? First there's a series of minor version updates for some package, then upstream releases the next stable major version, and the packager smacks his lips because it's so exiciting to push that hot new stuff to Fedora 7+8+development instead of giving it time to test it in development. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list