On 08/16/2012 10:04 AM, Les Mikesell wrote:
On Wed, Aug 8, 2012 at 5:08 AM, Karanbir Singh mail-lists@karan.org wrote:
That's probably what 90% of people will be happy with.
interesting. are you saying that most people are not interested in tracking specific CVE's etc ?
I think I missed the basic premise here. The specifics only matter when you don't have a known fix installed. Separating things isn't the point so much as just getting them in the update stream so normal updates install them. Is this for the special case where normal updates are backed up from build issues at a point/version release - or to help where people don't want updates to fix bugs unless they are security-related?
One point is, for already installed packages you can print out the CVE's or the Index Number of the update (as one example). This means you can fairly easily generate reports to show compliance with some standard (PCI, etc.)
You can also say to only install Security and not BugFix or Enhancement updates, etc.
See this page for the capabilities that yum-security can give: