Description of problem: The system administrators prefer to check security vulnerabilities and important bugs in systems by listing errata applicable to systems instead of update packages, I guess. And 'yum list-sec' (= list-updateinfo, etc.) precisely helps this. Currently, both dnf and dnf-plugins-core lack this function and cannot list applicable errata instead of update packages, so could you please consider to add security plugin or new command (list-errata/errata, list-advisory, advisories or something) or something does this in dnf or dnf-plugins-core ? And this might help resolving rhbz#1086288 also, I think. Version-Release number of selected component (if applicable): I looked git head code (both dnf, dnf-plugin-core and dnf-utils) but it seems there is no such plugins yet. Additional info: To implement this, dnf needs to fetch and load updateinfo metadata from repos. I'm not sure that updateinfo metadata is useful for other purposes, though, I made an experimental patch does this anytime on load and attached on this. (AFAIK, to make updateinfo fetch and load optional, modification of dnf.repo._Handle (adding 'updateinfo' in self.yumdlist to fetch it), dnf.base.Base._add_repo_to_sack (to load updateinfo) may be required, at least.)
Created attachment 899082 [details] An experimental patch to make updateinfo fetched and loaded in dnf
Hello, thanks for the RFE. Once the basic support for updates is done (we're working on it already) we'll see what can be done about the security plugin.
Thanks a lot for your quick response! Is there any git repo/branch for the updates support available ? I'm interested in its implementation. And if something I can help (testing, etc.), please let me know.
updateinfo function in the latest (0.6.0) version of dnf satisfy this.