On Thu, 28 Jul 2005 17:40:24 +0100, James Wilkinson wrote: > Dotan Cohen wrote: > > Yes, but we do not always know when/if there is a security patch. I > > just yum update and not worry. Unless, of course, it doesn't work! > > Claude Jones wrote: > > You could 'always know' this, if you were to subscribe to the > > fedora-announce-list > > http://www.redhat.com/mailman/listinfo/fedora-announce-list > > This is a very low-volume list that will always keep you notified of patch > > releases. > > The only patch notifications I can see on the list are for Fedora Core. > > As far as I know, there is no equivalent list for Fedora Extras. For > instance, ClamAV was updated recently, moving the package to 0.86.2. > This appears to fix an Outlook-sized vulnerability[1]. > > The only alert I've seen is at http://lwn.net/Articles/145061/, for > Gentoo. > > Am I missing something, or do we just have to be careful when installing > sensitive stuff from Extras? http://fedoraproject.org/infofeed/inputs/fc4-extras.xml You could subscribe to that RSS news feed and skim over the update package changes there.
