On 31 May 2011 16:12, Les Mikesell lesmikesell@gmail.com wrote:
On 5/30/2011 6:12 PM, Alan Bartlett wrote:
I would certainly appreciate the updated packages that resolve particular CVEs, whereas for plain bug-fixes I could wait.
Agreed on the security-related fixes being the important ones, but I suspect that build-order dependencies will apply anyway and there's no reason to hold back working updates. In any case, prioritizing the update stream ahead of work on anaconda and iso-building makes sense for the same reasons 5.6 was pushed ahead of 6.x work. It's just bad for everyone to leave known security vulnerabilities on currently running machines. Personally, I'd consider that important enough to make it the default, although in that case maybe they should go though the 'testing' repo first and require some large-scale feedback first.
I had given a brief thought to the build-order dependencies and decided that if a security bug-fix could be pushed out as soon as it could be built, I would then -- once the full point update had been released -- perform a "yum reinstall" for all those "fast" security fixes. A bit hazy around the edges, so I would leave the fuller details to those greater wizards to ponder.
Alan.