package, package2, package3 naming-with-version exploit

Nico Kadel-Garcia nkadel at gmail.com
Thu Mar 28 22:01:58 UTC 2013

On Mar 28, 2013, at 15:43, Adam Williamson <awilliam at redhat.com> wrote:

> On Thu, 2013-03-28 at 20:35 +0100, juanmabc wrote:
> 
>> - pkg-1.0.x installed (and with its own updates)
>> - pkg-2.0.x installed (and with its own updates)
>> note the difference, *point and cause of all here*, from
>> - pkg-1.0.x
>> - pkg2-2.0.x
> 
> That's a very trivial difference; it barely exists. The hyphen isn't
> some kind of magical character for RPM, so the difference between 'pkg2'
> and 'pkg-2' is entirely aesthetic.

No, it's critical to yum and RPM. It's like the difference between "dd" and "ddd": they are entirely distinct packages. The link between them as providing versions of the same packages and dependencies is manual for good reason.

It's unavoidable because open source cannot update all dependencies simultaneously. Gcc and autoconf remain canonical examples of this.
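As an added illustration of the name/version split under discussion (example code written for this page, not from the thread's participants or from RPM itself; the sample package strings and the architecture list are constructed):

```python
from typing import Dict, List, NamedTuple


class NVR(NamedTuple):
    name: str
    epoch: int
    version: str
    release: str


# Constructed list of architecture suffixes to strip; real tooling reads this
# from the RPM header rather than guessing from the file name.
KNOWN_ARCHES = {"noarch", "src", "x86_64", "i686", "aarch64"}


def parse_nvr(s: str) -> NVR:
    """Split 'name-[epoch:]version-release[.arch][.rpm]' from the right.

    Only the last two hyphens separate fields, so every hyphen before them
    belongs to the package name.  That is why 'pkg-2.0.1-1' and 'pkg2-2.0.1-1'
    name different packages: 'pkg' versus 'pkg2'.
    """
    if s.endswith(".rpm"):
        s = s[:-4]
    head, dot, tail = s.rpartition(".")
    if dot and tail in KNOWN_ARCHES:
        s = head
    name_ver, sep, release = s.rpartition("-")
    if not sep:
        raise ValueError(f"missing release in {s!r}")
    name, sep, version = name_ver.rpartition("-")
    if not sep:
        raise ValueError(f"missing version in {s!r}")
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return NVR(name, epoch, version, release)


def group_by_name(nvrs: List[str]) -> Dict[str, List[NVR]]:
    """Bucket package strings by parsed name, the unit yum/RPM actually track."""
    groups: Dict[str, List[NVR]] = {}
    for s in nvrs:
        parsed = parse_nvr(s)
        groups.setdefault(parsed.name, []).append(parsed)
    return groups


# Constructed sample: two updates of 'pkg' 1.0.x, one 'pkg2' 2.0.x, a hyphenated name.
SAMPLE = ["pkg-1.0.2-1.x86_64", "pkg-1.0.3-1.x86_64",
          "pkg2-2.0.1-1.x86_64", "gcc-c++-4.8.0-1.x86_64"]
```

Running `group_by_name(SAMPLE)` yields three separate buckets, with both 1.0.x builds under "pkg" and the 2.0.x build alone under "pkg2".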
