Installing only critical updates via yum?

Mauriat Miranda mirandam at gmail.com
Fri Feb 2 18:10:50 UTC 2007


On 2/2/07, Phil Meyer <pmeyer at themeyerfarm.com> wrote:
>
> Fedora moves too fast to maintain a securities issues list. :)

Subscribe to the fedora-package-announce list and filter on:
"[SECURITY] Fedora Core 6 Update"

http://lwn.net/Alerts/Fedora/

> Basically, a FC4 system that has been updated a time or two a year ago
> is probably ahead of the vast majority of Linux systems security patches.
>
> Any FC5 system is way ahead, and FC6 is not even looked at by the
> security testers (generally -- not implying anything here) except by the
> RedHat kernel guys who have to back port known exploits, performance,
> and custom patches into 'all' kernels.

I'm not exactly clear as to what you are saying. FC4 has had
discontinued support for several months(?).

> When you talk about patching for security in Fedora Core, it is usually
> at the application level (php or some such).  Those get wide publication
> so you will probably know about them.

If an application is packaged and included in Fedora Core, then it is
Fedora's responsibility to provide an update if and when necessary.

> I am not suggesting that anyone relax about security, just putting it
> into perspective.

With all due respect, I really don't understand your perspective or on
what information you based your conclusions.

-Mauriat




More information about the fedora-list mailing list