Package EVR problems in EPEL 2008-01-20

[Joel Andres Granados]

Michael Schwendt wrote:
> On Mon, 21 Jan 2008 15:03:06 +0100, Joel Andres Granados wrote:
> 
>> Michael Schwendt wrote:
>>> On Mon, 21 Jan 2008 10:39:42 +0000, José Matos wrote:
>>>
>>>> On Sunday 20 January 2008 19:42:55 buildsys wrote:
>>>>> python-imaging: jamatos AT fc up pt
>>>>>   EPEL4 > EL5 (0:1.1.6-3.el4 > 0:1.1.5-5.el5)
>>>>   Was not this solved before?
>>>>   According to the cvs the last version available is
>>>>
>>>> %changelog
>>>> * Mon Jul 23 2007 Joel Andres Granados <jgranado at redhat dot com> - 
>>>> 0:1.1.4-1
>>>> - Build python-imaging for EPEL4 with the version from FC3.  EPEL4 are 
>>>> packages
>>>> - that can be installed in RHEL4**.
>>>>
>>>>   IIRC we had downgraded to cope with the inclusion of it in EL5. This was 
>>>> done before the official launch of EPEL so I have no clue what has gone 
>>>> wrong.
>>> Depends on who "we" is. You cannot downgrade a package without asking the
>>> epel-signers to delete a newer package in the repo. The repo shows that an
>>> older package was pushed several months after the higher version:
>>>
>>> http://download.fedora.redhat.com/pub/epel/4/SRPMS/
>>>
>>> [ ]	python-imaging-1.1.4-1.src.rpm 	25-Jul-2007 11:03 	418K	 
>>> [ ]	python-imaging-1.1.6-3.el4.sr..>	02-Mar-2007 18:20 	436K	 
>> This is extremely strange.
>> 1. This didn't come up before :) I've been checking the EPEL fairly regularly
>> to see if python-imaging had any problems and it had never come up.  Since 
>> the 1.1.4 appeared after 25-Jul, it should have screamed immediately 
>> (assuming that the 1.1.6 version was there)
> 
> The upgradecheck script doesn't run automatically. The upgrade path
> between RHEL4 and 5 is not so important [1]. More important is the fact
> that packages in 4 and 5 are out-of-sync somehow and might differ in
> number of patches or even differ in %version. That's where the script
> helps.
> 
> [1] Generally, however, and more important for platforms like Fedora,
> upgrade path problems bear the risk of causing dependency problems
> (e.g. when the old dist links against other libs than the new dist).
> 
>> 2. I started co maintaining the EPEL package with jamatos around jul-2007, so 
>> the 1.1.6 version must have been there already (IMHO).  Can we actually
>> know who pushed it?  Maybe it was automatically brought in :).
> 
> Yes, it can be seen who pushed it. File ownership tells that. But that
> doesn't say who should have removed the 1.1.6 version in case there was a
> request to do that.
> 
>> 3. I checked my email logs and verified that the issue was discussed around Jul-2007
>> I cannot find earlier mails about the package ( I subscribed around Jul-2007, so
>> apologies if I'm wrong)
>>
>> Don't know what to make of it. So I assume from "You cannot downgrade a package 
>> without asking the epel-signers to delete a newer package", that the solution 
>> is to delete the newer package. right?
> 
> Mail the repo admins in accordance with the EPEL FAQ in the Wiki and
> request removal of the 1.1.6 package. (it is enough to delete the src.rpm
> and let repoprune kill the various binaries)
> 

ok.  sent mail to EPEL signers group. :)
Thx for the help.
Regards

-- 
Joel Andres Granados
Red Hat / Brno, Czech Republic