On 31 May 2011 16:12, Les Mikesell <lesmikesell at gmail.com> wrote: > On 5/30/2011 6:12 PM, Alan Bartlett wrote: >> I would certainly appreciate the updated packages that resolve >> particular CVEs, whereas for plain bug-fixes I could wait. > Agreed on the security-related fixes being the important ones, but I > suspect that build-order dependencies will apply anyway and there's no > reason to hold back working updates. In any case, prioritizing the > update stream ahead of work on anaconda and iso-building makes sense for > the same reasons 5.6 was pushed ahead of 6.x work. It's just bad for > everyone to leave known security vulnerabilities on currently running > machines. Personally, I'd consider that important enough to make it the > default, although in that case maybe they should go though the 'testing' > repo first and require some large-scale feedback first. I had given a brief thought to the build-order dependencies and decided that if a security bug-fix could be pushed out as soon as it could be built, I would then -- once the full point update had been released -- perform a "yum reinstall" for all those "fast" security fixes. A bit hazy around the edges, so I would leave the fuller details to those greater wizards to ponder. Alan.