Yes I know about the updates dir.. :)
Just checking... no offense.
If you look at the RH9 errata ( https://rhn.redhat.com/errata/rh9-errata.html ) there have been 7 security updates since the last kernel update and these have not been updated in Fedora ( make it 6 since the one came out today :) ).. I would have hoped that security updates would have a high priority to get out on any distro, and thats what I am trying to find out about..
Like I said maybe Fedora does not need these updates because it is running newer packages than RH9 anyway..
Hmm. That's actually a good question. FC1 has certainly been right along with RH9 for the recent kernel updates...
mremap bug in kernel: RH9 and FC1 released now kernel packages 1/5/2004
CVE CAN-2003-0542 bug in httpd: RH9 fixed on 12/16/2003, FC1 on 1/8/2004
Perhaps the more recent fixes (slocate, tcpdump, gaim, etc) are being tested before release and announcement.
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/i386/
has recently updated gaim and slocate packages, for example. I haven't grabbed them to check the changelogs, but it would seem likely that they have the same fixes.
It's just the different speeds at which updates make the journey from proposed -> testing -> released update, I suspect.
I don't mean to upset or offend anyone i am just trying to find out what the security policy of the dev team is..
No offense here. The dev team may be more likely to answer if you hop over to the fedora-devel-list though...