On 2023-02-22 10:48, Kevin Fenzi wrote:
On Wed, Feb 22, 2023 at 05:38:23AM +0100, Kevin Kofler via devel
wrote:
> I remember that in ancient times (pre Core-Extras Merge), some Fedora
> repository (IIRC, the old Fedora Extras) used to ship not only the latest
> build for each package, but the TWO latest builds,
Cons:
* It will allow for more easily tricking people into downgrading to a
version that has serious security problems so they could be exploited.
Contrary-wise: Because Fedora updates only contains the latest built,
once a build marked as a security fix is obsoleted by another build,
there is no longer any indication that a security issue existed in any
version, at which point "dnf update --security" no longer works.
That might be a problem only for systems that are updated less
frequently than the window between a security update and a later build,
I still think it's a flaw that should be fixed.