Re: [suse-security] SuSE security reputation, etc..
Kurt Seifried's article http://www.securityportal.com/cover/coverstory20000724.html is extremely good. To make SuSE's security better, I would like the relevant people at SuSE to pay attention to Kurt's suggestions. These points I find particularly noteworthy (some of my own):

* Organise the ftp server better. Some rpms get put up without notice.
* Distinguish between security (= important) and maintenance (= I care if I need to) updates.
* Use the mailing lists properly. Like RH, you could mark advisories as important (RHSA) or unimportant (RHBA). Any scheme will do. Although much improved, I am still not comfortable in trusting suse-sec-announce. Sorry, but redhat-watch inspires much more confidence. The not uncommon bugginess of SuSE's alerts doesn't help.
* Use long file names in all advisories and web pages to make life easier ("which version do I have / need to get?"). That mentally deficient 8.3 is very annoying. I have used personal computers of varying types since 1983, and was *never* forced to use 8.3, and now I switch to SuSE...
* Checking md5 sums of updated packages is tedious. The advisory's "f87a61fe... ftp://suse/.../package-version.rpm" is good to feed into wget, but that line doesn't go into md5sum. As the sum in the advisory appears to be hand-pasted (or how else can the large number of incorrect sums be explained?), the whole procedure is probably a waste of time anyway. USE GPG-SIGNING - NOW!

On the positive - I am still using SuSE :-)

Volker
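The mismatch Volker describes, an advisory line "sum url" that wget accepts but md5sum does not, can be bridged with a few lines of sh. This is an added example for this thread, not SuSE's tooling; the advisory lines, URL and package name used in it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread, not SuSE's own tooling).
# An advisory lists each package as "<md5sum> <ftp-url>", which suits wget
# but not `md5sum -c`, which wants "<md5sum>  <filename>" (two spaces).
# The URL's basename is the name the downloaded file has in the local
# directory, so the conversion only needs to strip the path. Sums that are
# not 32 hex digits are rejected up front, so a mispasted sum fails loudly
# instead of being skipped by md5sum as "improperly formatted".

nl='
'

# Convert one advisory line "<sum> <url>" into one `md5sum -c` line.
advisory_to_md5sum_line() {
    printf '%s  %s\n' "$1" "${2##*/}"
}

# Read "<sum> <url>" lines from stdin and check them against files in $1.
# Returns 0 when every sum matches; 1 on a malformed sum, a mismatch, or a
# missing file (the last two are md5sum's own exit status).
verify_advisory() {
    dir=$1
    lines=""
    while read -r sum url; do
        [ -n "$sum" ] || continue          # skip blank lines
        if ! printf '%s\n' "$sum" | grep -Eq '^[0-9a-fA-F]{32}$'; then
            echo "malformed md5 sum '$sum' for $url" >&2
            return 1
        fi
        lines="$lines$(advisory_to_md5sum_line "$sum" "$url")$nl"
    done
    [ -n "$lines" ] || { echo "no checksum lines found" >&2; return 1; }
    printf '%s' "$lines" | (cd "$dir" && md5sum -c -)
}
```

Usage is `verify_advisory /path/to/downloaded/rpms < advisory.txt`; a checksum pasted by hand into an advisory still only proves the file arrived intact, which is why the thread asks for GPG signatures instead.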
Hi Volker,
* Organise the ftp server better. Some rpms get put up without notice.
Not all updates that show up are security relevant. But organizational issues need to be resolved, this is correct.
* Distinguish between security (= important) and maintenance (= I care if I need to) updates.
Y.
* Use the mailing lists properly. Like RH, you could mark advisories as important (RHSA) or unimportant (RHBA). Any scheme will do. Although much improved, I am still not comfortable in trusting suse-sec-announce. Sorry, but redhat-watch inspires much more confidence. The not uncommon bugginess of SuSE's alerts doesn't help.
* Use long file names in all advisories and web pages to make life easier ("which version do I have / need to get?"). That mentally deficient 8.3 is very annoying. I have used personal computers of varying types since 1983, and was *never* forced to use 8.3, and now I switch to SuSE...
We will have to use both. Some people rely on 8.3 since they carry the rpms back home on a diskette from the windows box at work.
* Checking md5 sums of updated packages is tedious. The advisory's "f87a61fe... ftp://suse/.../package-version.rpm" is good to feed into wget, but that line doesn't go into md5sum. As the sum in the advisory appears to be hand-pasted (or how else can the large number of incorrect sums be explained?), the whole procedure is probably a waste of time anyway. USE GPG-SIGNING - NOW!
Is on its way. But not for 7.0 any more - time was too tight.
On the positive - I am still using SuSE :-)
Volker
:-) Thanks for the feedback,

Roman.

--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
We will have to use both. Some people rely on 8.3 since they carry the rpms back home on a diskette from the windows box at work.

Windows 3.11 is not that common any more ... floppies can store long filenames and Linux can read them (mount as vfat), so that's not really an excuse ... even command-line ftp can use wildcards, so typing in the long filenames is no excuse either ... forcing users to use long names would be much better ...

a happy linux-only user ;-)

Markus Gaugusch

--
Markus Gaugusch ICQ 11374583 markus@gaugusch.dhs.org
participants (3): Markus Gaugusch, Roman Drahtmueller, Volker Kuhlmann