On Thu, 2007-02-22 at 09:56 -0500, David Hollis wrote:
On Thu, 2007-02-22 at 07:39 -0500, seth vidal wrote:
>
> and it would give users very little awareness that something didn't get
> patched.
>
> giving them a false sense of security.
>
And also leave them potentially vulnerable to a larger number of issues.
In some cases, some patching is better than no patching. If httpd
doesn't get updated for a hot zero-day exploit because of a dependency
issue with gimp and my system gets exploited, that seems like a bad
thing.
and this is why the update system is writing out update data. So, we can
differentiate b/t update for feature and update for security, or
different grades of a security update.
then we can work more intelligently on:
yum update security-critical-only (as an example)
and have it do those only.
-sv