FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

Kevin Kofler kevin.kofler at chello.at
Sat Feb 27 13:55:41 UTC 2010


Ville Skyttä wrote:
> That "reason" could be a bad Obsoletes in the new package.

That's why I said "new packages that don't replace anything" in my original 
message. If they Obsolete something else, then they're not really new 
packages.

> And even the new Name and Provides from the new package may result in it
> being pulled in along with other updates to satisfy dependencies without
> being explicitly asked for.

Well, true, new packages which Provide some common virtual Provides like 
bluez-dbus-pin-helper also need the same scrutiny as upgrades to explicit 
packages. That's not the common case though, and it happening due to Name 
alone is very unlikely (it would mean something else Provides that name and 
a third package depends on it by name).

> When either of these happens, it in my opinion qualifies as the new
> package being installed automatically, and because there are several ways
> new installed packages can break existing systems, the combined result is
> that it is very much possible for newly introduced packages to
> "automatically break existing systems".

New packages which don't Obsolete existing packages or Provide existing 
provided names cannot cause any of the above. (They may technically trigger 
broken triggers, but it's extremely unlikely that an existing package has a 
trigger on something not previously in Fedora. If it's an outright malicious 
trigger, like "delete everything if somebody installs package foo", then we 
have a much bigger problem than update stability!)

        Kevin Kofler
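
The criterion argued in the message above, written out as a check (an added example, not part of the original message or of Bodhi): a new package only has an automatic path onto existing systems if it Obsoletes an existing package, Provides a capability something already provides, or carries a Name that is already a provided capability. The `Pkg` model, the function name and all package names other than bluez-dbus-pin-helper are assumptions, and version ranges on Obsoletes/Provides are ignored.

```python
from dataclasses import dataclass, field


@dataclass
class Pkg:
    name: str
    provides: set = field(default_factory=set)   # virtual Provides (Name is implicit)
    requires: set = field(default_factory=set)
    obsoletes: set = field(default_factory=set)


def auto_install_risks(new, repo):
    """List (kind, capability) pairs by which `new` could land on a system
    without being asked for. Version ranges are ignored (simplification)."""
    names = {p.name for p in repo}
    provided = names | {cap for p in repo for cap in p.provides}
    # Obsoletes of an existing package: pulled in as a replacement on update.
    risks = [("obsoletes", n) for n in sorted(new.obsoletes & names)]
    # Virtual Provides that something else already provides: a depsolver
    # may pick the new package to satisfy an existing dependency.
    risks += [("provides", c) for c in sorted(new.provides & provided)]
    # The rare Name case: another package already Provides this name.
    if new.name in provided:
        risks.append(("name", new.name))
    return risks


# Constructed repository metadata; every package name except the
# bluez-dbus-pin-helper capability is hypothetical.
REPO = [
    Pkg("daemon-x", requires={"bluez-dbus-pin-helper", "libfoo-compat"}),
    Pkg("pinhelper-gtk", provides={"bluez-dbus-pin-helper"}),
    Pkg("compat-shim", provides={"libfoo-compat"}),
    Pkg("oldtool"),
]

# Constructed candidate updates, one per case discussed in the thread.
CANDIDATES = [
    Pkg("brandnew-game"),
    Pkg("pinhelper-qt", provides={"bluez-dbus-pin-helper"}),
    Pkg("newtool", obsoletes={"oldtool"}),
    Pkg("libfoo-compat"),
]

if __name__ == "__main__":
    for pkg in CANDIDATES:
        risks = auto_install_risks(pkg, REPO)
        print(pkg.name, "->", risks or "no automatic path; installed only on request")
```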


