SELinux RPM scriplet issue annoucement

Reindl Harald h.reindl at
Sun Jan 19 19:03:14 UTC 2014

Am 19.01.2014 19:57, schrieb Michael Schwendt:
>> [...] then bumped the release for all updates in the last few pushes,
>> and then rebuilt them.
> How do you know which packages a user has tried to install/update _after_
> updating to the bad policy package? It could be any package within the package
> collection that would remain installed but broken because of the scriptlets bug.
> You assume that users have only applied the few updates following the bad
> selinux policy update

this case is *very* special because you also need to realize *what*
update before breaks the scriptlets and that it break all scriptlets

zero chance to figure that out for 99 out of 100 users

you only need to look at the amount of reports that other packages
seems to be broken to get the picture

that case seems to be unavoidable without force every packager of
critical path updates to test them manually before they appear in
updates-testing and on bodhi at all and to catch the specific case
push the updates to testing after at least on their machine a
independent update was applied without problems - unlikely to happen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list