On Sun, 16 Jun 2013 10:33:23 -0600 Kevin Fenzi wrote:
> On Sun, 16 Jun 2013 08:31:19 -0600
> Jake Edge <jake(a)lwn.net> wrote:
> >
> > We processed a huge number of KDE security announcements for F18
> > last week: https://lwn.net/Articles/553900/ ... but the comments on
> > that article indicate that almost all of them are not actually
> > security fixes and are, instead, some kind of koji overreach?
> > seemingly the same pile of fixes showed up for F17 yesterday ... is
> > it just kdeplasma-addons that needs to be highlighted (perhaps with
> > a mention that koji cascaded the bug into a bunch of unaffected
> > packages?) ... or is there more? or are they truly all affected?
>
> This is due to this being 1 single update with all the kde packages.
> See:
> https://admin.fedoraproject.org/updates/FEDORA-2013-10182/
>
> So, all those packages are all "FEDORA-2013-10182"
> and since you can only mark the single update security or not, the
> entire thing (and all packages) are marked security.

What I don't quite follow is whether all of those packages are in fact
updated for security reasons or whether this is just an artifact of
bodhi (or koji or something) ... I am sensing the latter ...
does 'kdepimlibs' or 'kdeedu' (to pick two at random) need to be
updated for *security* reasons? or just because it got tagged with one
(?) package that was updated to the same upstream revision
(kdeplasma-addons ... others?)

> I don't know if this will be handled any better in bodhi 2.0, but we
> could surely look and try and handle things better. What would you
> like to see for an update like this? Different names for each
> package? Or some way to tag only those package(s) that are security
> updates?

Well, I would think Fedora users would only want things that are
actually security updates to be marked as such ... or are all these
packages dependent on the Plasma add-ons somehow? That's what's
confusing here imo ...

jake
--
Jake Edge - LWN - jake(a)lwn.net -
http://lwn.net