Jano Kupec wrote:
Hi, just to summarize, we need notification mechanism for package updates. All we currently have is the output from rpm (which gets printed only in zypper, and can be easily overlooked).
Not only that.
Does insnotify()/delnotify() work (where in the .spec file does one set it)? Can we use it? Bubli said it worked, but was too annoying and removed from UIs - maybe it wasn't used only for "must see" messages...
It is not sufficient. You want to tell user this fact only once, only and only if the old version was vulnerable and the new is not. This is different from insnotify(), which is called every time package is updated. As nobody is forced to install each update (especially in OBS), you cannot do it just for a single versions. It can even happen that one is updating from vulnerable SLES10 to fixed SLES11. Even then displaying of "must see" advisory is important. In the best case user should be warned every time package management is started online (from command line or GUI) until user confirms that advisory was read and action was taken (or considered not being affected). Confirming this message should be even more privileged action than installing a security update itself - on a typical desktop it's OK to click OK for update by user, but it's not OK to click "I reformatted all smart cards" by user. -- Best Regards / S pozdravem, Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: sbrabec@suse.cz Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org