Ralf Corsepius wrote: >> The problem I'm trying to address here is that there is no way for end users >> to find out about FE package updates which are security related. This is BAD, > Why? > > The only thing that counts to end-users is receiving fixes in timely > manners - not users being actively notified about a maintainer claiming > to have addressed a particular CVE. > More conservative users may only want to upgrade because either they want a new feature / bugfix, or because of a security issue. For those users knowing this is important. > Wasn't it you who recently complained about bureaucracy? To me, what you > are doing is asking to increase the bureaucratic burdon to maintainers. > I maintain 80 + packages, yet I have done only 3 security fixes this whole year. Aaiee sending 3 announcements mails every year the sheer horror :) No, seriously I'm very much against bureaucracy and this and this aint it. Regards, Hans -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
