package, package2, package3 naming-with-version exploit

Adam Williamson awilliam at redhat.com
Thu Mar 28 22:35:13 UTC 2013


On 28/03/13 03:01 PM, Nico Kadel-Garcia wrote:
>
>
> Nico Kadel-Garcia
> Email: nkadel at gmail.com
> Sent from iPhone
>
> On Mar 28, 2013, at 15:43, Adam Williamson <awilliam at redhat.com> wrote:
>
>> On Thu, 2013-03-28 at 20:35 +0100, juanmabc wrote:
>>
>>> - pkg-1.0.x installed (and with its own updates)
>>> - pkg-2.0.x installed (and with its own updates)
>>> note the difference, *point and cause of all here*, from
>>> - pkg-1.0.x
>>> - pkg2-2.0.x
>>
>> That's a very trivial difference; it barely exists. The hyphen isn't
>> some kind of magical character for RPM, so the difference between 'pkg2'
>> and 'pkg-2' is entirely aesthetic.
>
> No, it's critical to yum and RPM. It's like the difference between "dd" and "ddd", they are entirely distinct packages. The link between them as providing versions of the same packages and dependencies is manual for good reason.
>
> It's unavoidable because open source cannot update all dependencies simultaneously. Gcc and autoconf remain canonical examples of this.

I think you completely misread my post, and the context of it.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

