Drawing lessons from fatal SELinux bug #1054350

Reindl Harald h.reindl at thelounge.net
Fri Jan 24 15:06:21 UTC 2014


Am 24.01.2014 15:55, schrieb Ralf Corsepius:
> On 01/24/2014 01:39 PM, Kevin Kofler wrote:
>> Adam Williamson wrote:
>>> Even if we can do it on the mirrors, we have no way to 'recall' a
>>> package from systems where it's already been installed (of course in the
>>> current case that wouldn't have worked anyway, but we're discussing the
>>> generic case here).
>>
>> Crazy idea of the day: Maybe our update tools should default to distro-sync
>> rather than update?
> No, for 2 reasons:
> 
> a) This would blow away all installed packages, which aren't available in permanently enabled repos

that is not true, try it out

otherwise some packages would be not installed on my machines after a dist-upgrade
namely the ones never came from any repo and installed locally

> Most common such case is having selectively installed packages from updates-testing, because users are facing
> problems with these packages' nominal versions

*that* is the reason not to do so because it would downgrade anything updated
explicitly from updates-testing,kde-testing,koji which would be a bad default

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140124/398eb2b9/attachment.sig>


More information about the devel mailing list