At the present, the yum repo database mushes together security and non-security updates in such a way that makes it inefficient to search just for high-priority security updates. It would be nice (tm) if createrepo and yum --security could coordinate a new facility whereby security updates were also put into a separate, stripped, smaller database that would allow more-nearly-instant yum --security check-update. This could lower the barrier against more frequent checks/updates.
Changing component to dnf, we don't plan to implement any features in yum unless they are critical for significant number of users. For further evaluation I'll just say this. Let's disregard the "how" part and focus on the "what" part. If I understand it correctly, the request here is to lower the performance barriers for security updates to make users apply security updates more often. The first step here would be to figure out how big those barriers really are, especially in dnf. The next thing would be to find out if there is something we can do about the situation without any hackish solutions. Frank, if you provide more detailed information to justify your request in the context of dnf, it will be highly appreciated.
Indeed, Frank can you please provide the concrete use case? What limitation are you hitting with Yum and the same once bug 850912 is resolved for DNF? Thanks!
Ales, Jan, the idea is just as we both said above: to make it painless for a security-update search to run effortlessly quickly, so a user does not have to wait for dnf-cron multi-hour latencies, or multi-second large downloads. (Just the textual list of "yum --security list" names compresses down to about 40kb.) So basically I'm imagining hourly or more frequent security check-updates.
... and something light enough to be done automatically during cloud-init / boot.
*** This bug has been marked as a duplicate of bug 850896 ***