When applying the security patches with scap apply-patches --train, it immediately completed leaving me to wonder whether the patches actually got applied. I eventually looked at the available patches and checked the affected repositories to confirm.
It would be nice to print the list that got applied / or already applied.
Beside that, it is a great functionality. It definitely saves a noticeable amount of time. Thanks for that!
Also, apply-patches can fail in various cases, if patches don't all apply cleanly. It should never fail for that, and should be atomic: either all patches have been applied, or none.