Drawing lessons from fatal SELinux bug #1054350

Ralf Corsepius rc040203 at freenet.de
Fri Jan 24 14:55:57 UTC 2014


On 01/24/2014 01:39 PM, Kevin Kofler wrote:
> Adam Williamson wrote:
>> Even if we can do it on the mirrors, we have no way to 'recall' a
>> package from systems where it's already been installed (of course in the
>> current case that wouldn't have worked anyway, but we're discussing the
>> generic case here).
>
> Crazy idea of the day: Maybe our update tools should default to distro-sync
> rather than update?

No, for 2 reasons:

a) This would blow away all installed packages which aren't available
in permanently enabled repos.
  The most common such case is having selectively installed packages from
updates-testing, because users are facing problems with these packages'
nominal versions.

b) A much more common class of packaging bug than the SELinux case is
packages which cannot be uninstalled or downgraded, or cannot be
downgraded properly. Classic such cases are packages with defective
rpm scriptlets or with scriptlets which perform persistent changes.

Ralf


