Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: subversion-api-docs https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177483 ------- Additional Comments From toshio@xxxxxxxxxxxxxxx 2006-03-06 12:03 EST ------- I don't think that'll work:: $ repoquery --requires --repoid=development subversion-devel apr-devel apr-util-devel subversion = 1.3.0-4.2 So whether we depend on subversion or subversion-devel we're creating a situation where we cannot update subversion-core because the documentation is out of sync. OTOH, not including the release portion of EVR in the package dependencies makes it less likely that the scenario I mentioned where a neon security flaw is blocked by out-of-sync subversion/subversion-api-docs could occur but the example would still be valid for security flaws in subversion itself. You argue yourself, that exact EVR isn't necessary for the package dependencies because an upgrade will just add accuracy to what is already there. My argument is just an extension of this: it's better that the subversion-api-docs are not made dependent on subversion and are placed in their own %{_docdir}/subversion-api-docs directory because it eliminates a potential security problem in trade for a similar accuracy of the documentation. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
