<p dir="ltr"><br>
On Jan 19, 2014 8:57 PM, "Michael Schwendt" <<a href="mailto:mschwendt@gmail.com">mschwendt@gmail.com</a>> wrote:<br>
><br>
> On Sun, 19 Jan 2014 20:32:26 +0200, Jonathan Dieter wrote:<br>
><br>
> > If scriptlet failures weren't fatal, we wouldn't have the problem we<br>
> > have now with duplicate packages. We could have just pushed the selinux<br>
> > update,<br>
><br>
> After installing the previous bad update that breaks scriptlets, how would<br>
> you activate the new selinux policy within the fixed package's %post scriptlet?<br>
> Instead of updating to the package in permissive mode, you would need to<br>
> run the scriptlet contents manually *and* still reinstall any package were<br>
> the scriptlets failed.</p>
<p dir="ltr">I was focusing on the fact that scriptlet failures lead to duplicates in the rpm database, but, you're right, it's not the main problem.</p>
<p dir="ltr">I still think there's a good case for making scriptlet errors non - fatal, but, in this situation, it would have had a minimal benefit. </p>
<p dir="ltr">> > [...] then bumped the release for all updates in the last few pushes,<br>
> > and then rebuilt them.<br>
><br>
> How do you know which packages a user has tried to install/update _after_<br>
> updating to the bad policy package? It could be any package within the package<br>
> collection that would remain installed but broken because of the scriptlets bug.<br>
> You assume that users have only applied the few updates following the bad<br>
> selinux policy update.</p>
<p dir="ltr">ACK. I didn't think this part through properly. </p>
<p dir="ltr">Jonathan </p>