I'm thinking, why not just have these as dump repositories (i.e. just signed packages) and then have dnf on each system stitch up a repo from them using createrepo locally. Then you don't need to teach bodhi anything. And the number of such urgent packages would always be very low. Essentially an intersection of critical path and high severity CVEs.
In the meantime, when the regular bodhi composer job sees them, it picks them up and puts them into updates/updates-testing, as required. -- Bojan _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
