Drawing lessons from fatal SELinux bug #1054350

Kevin Kofler kevin.kofler at chello.at
Fri Jan 24 12:39:33 UTC 2014

Adam Williamson wrote:
> Even if we can do it on the mirrors, we have no way to 'recall' a
> package from systems where it's already been installed (of course in the
> current case that wouldn't have worked anyway, but we're discussing the
> generic case here).

Crazy idea of the day: Maybe our update tools should default to distro-sync 
rather than update? Together with ensuring timestamp monotonicity on the 
metadata (don't accept older metadata if you already have a newer one), it 
would allow easily pulling faulty updates (except when RPM is broken as in 
this case, of course) and could even render the dreaded Epoch hack obsolete.

        Kevin Kofler
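
Added example (not part of the original message, and not yum or dnf code): a simplified Python model of the proposal above, showing that "update" leaves a withdrawn build installed while "distro-sync" follows the repository back down, and that the timestamp check rejects a stale mirror replaying older metadata. The class names, the package name `examplepkg`, the version tuples (a stand-in for RPM's epoch:version-release comparison) and the timestamps are all assumptions made for illustration.

```python
# Added illustration: a simplified model, not yum/dnf code.
from dataclasses import dataclass

class StaleMetadataError(Exception):
    """Offered metadata is older than metadata this client already accepted."""

@dataclass(frozen=True)
class Metadata:
    timestamp: int   # when the repository metadata was generated
    packages: dict   # name -> version tuple (stand-in for RPM epoch:version-release)

class Client:
    def __init__(self, installed):
        self.installed = dict(installed)  # name -> version tuple
        self.last_timestamp = 0           # newest metadata timestamp accepted so far

    def accept(self, md):
        # Monotonicity: a stale mirror must not be able to roll the client back.
        if md.timestamp < self.last_timestamp:
            raise StaleMetadataError(f"{md.timestamp} < {self.last_timestamp}")
        self.last_timestamp = md.timestamp

    def plan(self, md, mode):
        """Return {name: (action, installed, offered)} for 'update' or 'distro-sync'."""
        self.accept(md)
        actions = {}
        for name, have in self.installed.items():
            want = md.packages.get(name)
            if want is None or want == have:
                continue
            if want > have:
                actions[name] = ("upgrade", have, want)
            elif mode == "distro-sync":
                # 'update' ignores older versions; distro-sync follows the repo.
                actions[name] = ("downgrade", have, want)
        return actions

# Constructed sample data: hypothetical package, versions and timestamps.
FAULTY = Metadata(200, {"examplepkg": (1, 0, 2)})   # faulty update published
PULLED = Metadata(300, {"examplepkg": (1, 0, 1)})   # update withdrawn, newer metadata

if __name__ == "__main__":
    c = Client({"examplepkg": (1, 0, 2)})   # faulty build already installed
    c.last_timestamp = FAULTY.timestamp
    print("update:     ", c.plan(PULLED, "update"))
    print("distro-sync:", c.plan(PULLED, "distro-sync"))
    try:
        c.plan(FAULTY, "distro-sync")       # stale mirror replays old metadata
    except StaleMetadataError as e:
        print("rejected stale metadata:", e)
```

In this model the withdrawn build is replaced without any Epoch bump, because distro-sync compares against what the repository currently offers rather than only looking for something newer.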

