Drawing lessons from fatal SELinux bug #1054350

Ralf Corsepius rc040203 at freenet.de
Fri Jan 24 14:55:57 UTC 2014

On 01/24/2014 01:39 PM, Kevin Kofler wrote:
> Adam Williamson wrote:
>> Even if we can do it on the mirrors, we have no way to 'recall' a
>> package from systems where it's already been installed (of course in the
>> current case that wouldn't have worked anyway, but we're discussing the
>> generic case here).
> Crazy idea of the day: Maybe our update tools should default to distro-sync
> rather than update?
No, for 2 reasons:

a) This would blow away all installed packages, which aren't available 
in permanently enabled repos.
  Most common such case is having selectively installed packages from 
updates-testing, because users are facing problems with these packages' 
nominal versions.

b) A much more common packaging bug class than the SELinux-case are 
packages, which can not be uninstalled or downgraded or not be 
downgraded properly. Classic such cases are packages with defective 
rpm-scriptlets or with scriptlet which perform persistent changes.


More information about the devel mailing list