On Thu, 2007-03-29 at 11:01 -0700, Joe Pruett wrote: > > Joe Pruett wrote: > >> > Is it this one in the upstream? > >> > > >> > https://rhn.redhat.com/errata/RHEA-2007-0128.html > >> > >> yes, that is the one. i was wondering if the announcement just was > >> forgotten or if the updates wasn't really ready yet but slipped into the > >> repos. > > > > Which would annoy you more? > > 1. Update sans announcement > > 2. Announcement sans update. > > > > There will always be a timing issue, and I'd go with releasing the update, > > allowing mirrors to sync and then the announcement. > > i was actually more concerned about a rogue package getting slipped in > somehow. That is why we sign packages ... if it has our key, it is good to go :P The real issue was that RH initially released it for fastrack, then they moved it without announcement (it is a bug fix and not a security fix) into main updates for el3 ... we followed suit. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20070402/23eb9b4b/attachment-0004.sig>