Package EVR problems in EPEL 2008-01-20

[Michael Schwendt]

On Mon, 21 Jan 2008 15:03:06 +0100, Joel Andres Granados wrote:

> Michael Schwendt wrote:
> > On Mon, 21 Jan 2008 10:39:42 +0000, José Matos wrote:
> > 
> >> On Sunday 20 January 2008 19:42:55 buildsys wrote:
> >>> python-imaging: jamatos AT fc up pt
> >>>   EPEL4 > EL5 (0:1.1.6-3.el4 > 0:1.1.5-5.el5)
> >>   Was not this solved before?
> >>   According to the cvs the last version available is
> >>
> >> %changelog
> >> * Mon Jul 23 2007 Joel Andres Granados <jgranado at redhat dot com> - 
> >> 0:1.1.4-1
> >> - Build python-imaging for EPEL4 with the version from FC3.  EPEL4 are 
> >> packages
> >> - that can be installed in RHEL4**.
> >>
> >>   IIRC we had downgraded to cope with the inclusion of it in EL5. This was 
> >> done before the official launch of EPEL so I have no clue what has gone 
> >> wrong.
> > 
> > Depends on who "we" is. You cannot downgrade a package without asking the
> > epel-signers to delete a newer package in the repo. The repo shows that an
> > older package was pushed several months after the higher version:
> > 
> > http://download.fedora.redhat.com/pub/epel/4/SRPMS/
> > 
> > [ ]	python-imaging-1.1.4-1.src.rpm 	25-Jul-2007 11:03 	418K	 
> > [ ]	python-imaging-1.1.6-3.el4.sr..>	02-Mar-2007 18:20 	436K	 
> 
> This is extremely strange.
> 1. This didn't come up before :) I've been checking the EPEL fairly regularly
> to see if python-imaging had any problems and it had never come up.  Since 
> the 1.1.4 appeared after 25-Jul, it should have screamed immediately 
> (assuming that the 1.1.6 version was there)

The upgradecheck script doesn't run automatically. The upgrade path
between RHEL4 and 5 is not so important [1]. More important is the fact
that packages in 4 and 5 are out-of-sync somehow and might differ in
number of patches or even differ in %version. That's where the script
helps.

[1] Generally, however, and more important for platforms like Fedora,
upgrade path problems bear the risk of causing dependency problems
(e.g. when the old dist links against other libs than the new dist).

> 2. I started co maintaining the EPEL package with jamatos around jul-2007, so 
> the 1.1.6 version must have been there already (IMHO).  Can we actually
> know who pushed it?  Maybe it was automatically brought in :).

Yes, it can be seen who pushed it. File ownership tells that. But that
doesn't say who should have removed the 1.1.6 version in case there was a
request to do that.

> 3. I checked my email logs and verified that the issue was discussed around Jul-2007
> I cannot find earlier mails about the package ( I subscribed around Jul-2007, so
> apologies if I'm wrong)
> 
> Don't know what to make of it. So I assume from "You cannot downgrade a package 
> without asking the epel-signers to delete a newer package", that the solution 
> is to delete the newer package. right?

Mail the repo admins in accordance with the EPEL FAQ in the Wiki and
request removal of the 1.1.6 package. (it is enough to delete the src.rpm
and let repoprune kill the various binaries)