[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: Proposal: drop delta rpms (for real this time)
From:       Kevin Fenzi <kevin () scrye ! com>
Date:       2023-02-24 17:40:57
Message-ID: 20230224174057.pz3scd7v4zrjcyw6 () logain ! scrye ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Fri, Feb 24, 2023 at 05:56:01AM -0000, Daniel Alley wrote:
> Are you saying that DNF does an exact version match instead of making the
> assumption that packages with version >= X contain a fix for a security bug
> which the updateinfo declares to be fixed in X? 
> Or that the updateinfo itself gets purged of advisories that don't apply to the \
> latest versions available.

updateinfo is created by bodhi on every push with the current data. 

So consider: 

You have foo-1.0-1.fc37 in the base repo
foo-1.1-1.fc37 comes out as an update and it fixes a security bug.
later foo-1.2-1.fc37 comes out and it's an enhancement. 

Users that updated to 1.1-1.fc37 will just see the enhancement update. 

Users that just installed or haven't updated to 1.1-1.fc37 will see just
'an enhancement update to 1.2-1.fc37' and --security will not update the
package. 

kevin


["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


[prev in list] [next in list] [prev in thread] [next in thread]