Marcelo M. Garcia wrote: > Hi. > > I'm assuming that something similar to this might happened: > Package Managers As Achilles Heel > http://it.slashdot.org/article.pl?sid=08/07/10/227220&from=rss > > It would help a lot if someone of the infrastructure team explains what > is going on. What raised their suspicious? What we, as users, should do? > > Regards > > Marcelo > Two things bother me about this. First of all, most users are not using the same mirror all the time, so there would only be a brief window that the system would be vulnerable. The second thing is that yum is not going to install an older package, and the package version is not dependent on the file name. It is part of the information in the RPM. So they could delay the installation of an update on some systems. By default, yum picks a mirror at random from the mirror list to help spread the load on the mirrors. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
