On Thursday 02 December 2004 10:45 pm, Martin wrote: > If you automatically update without seeing why (ie > reading the email), you run the small risk of breaking > something. Kernel updates, particularly. Well if you notice that there are any updates (but no email so far) the correct (wise) thing to do would be to download the rpm and query it's changelog (to find out what's the update for). > On the other hand, if you wait to read what it is that > you're updating, you risk being exposed to some > network evil. Right, but that would be just for security fixes which are about to (hardly) 10 to 20% of the updates released. The vast majority are bug fixes and/or improvements. I think there could be like a happy-medium between the two obvious solutions. They could send out security-related announcemnts right-away advising, just like you say, that you the packages will show up eventually in your mirrors...and then we could have the other announcements (non-security related) be done like they are doing now (2 or 3 days after they're placed). Conclusion: AT LEAST for security fixes, there should be immediate announcements. Jorge
