yum module idea: force-install high-priority updates

Naoki naoki at valuecommerce.com
Wed Nov 8 23:36:02 UTC 2006


Michel Salim wrote:
> Today's Firefox update causes problems on machines with the liferea
> package from Fedora Extras, which depends on a specific version of
> Firefox. This sets me thinking: what if a vital security update is
> being pushed, and we don't mind breaking the packages that block the
> update for the time being?
>
> Not really familiar with yum's innards, but would it be possible to
> write a module that would, in case of high-security updates (probably
> marked as such in the repodata, and perhaps incorporating user input,
> e.g. --force-update glob and --ignore-force-update glob), remove
> conflicting packages, apply the update, and keep track of which
> packages were removed so that they can be automatically reinstalled
> when no longer in conflict.
>
> There might be a problem if the conflicting package is not available
> from any repository, but in general, does the idea seem sound?

Good pro-active idea. I've just never been a fan of trying to prioritize 
security patching; it's kind of like deciding which door in your house 
should get a lock first. Sure, remote root is "worse" than random app X 
having a buffer overrun, but both could end up losing you data, so at the 
end of the day it's the same pool full of marmots. 

Since it's hard to tell exactly how a security bug could be used against 
you, it's best just to patch everything, always, as quickly as possible.

In this specific case I'd be wondering why liferea needs a very specific 
version of firefox. I just checked the app in question and it states a 
requirement of:
firefox = 1.5.0.7

I would propose that this isn't really normal behavior, to require a 
specific patch version unless the API changed, which in this case I do not 
think happened.

So perhaps this could be brought to the attention of the liferea 
maintainer first.
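As an added illustration of the dependency check at the heart of this thread (not code from the mailing list, from yum, or from the liferea or firefox packages): the script below parses "Requires:" lines of the shape `rpm -q --requires` prints, compares versions with a simplified rpm-style segment comparison, and reports which requirements would block a given security update. The sample requirement lines are constructed for the example, and the version comparison is an assumption that ignores epochs and release tags; it is meant to show why an exact pin like `firefox = 1.5.0.7` blocks the very next patch release while a `>=` requirement does not.

```python
import re

# Constructed sample: the kind of lines `rpm -q --requires liferea` would print.
# The exact pin on firefox mirrors the requirement quoted in the thread.
SAMPLE_REQUIRES = """\
firefox = 1.5.0.7
gtk2 >= 2.8
libxml2
"""

# Version strings are split into numeric and alphabetic segments,
# roughly as rpmvercmp does (assumption: no epoch/release handling).
_SEG = re.compile(r'[0-9]+|[A-Za-z]+')


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing version strings a and b segment by segment."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            # rpm treats a numeric segment as newer than an alphabetic one
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the longer version is the newer one
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def parse_requires(text):
    """Parse 'name', 'name op version' lines into (name, op, version) tuples."""
    reqs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) == 1:
            reqs.append((parts[0], None, None))
        elif len(parts) == 3 and parts[1] in ('=', '>=', '<=', '>', '<'):
            reqs.append((parts[0], parts[1], parts[2]))
        else:
            raise ValueError(f"unparseable requirement: {line!r}")
    return reqs


def satisfies(op, have, want):
    """True if an installed version `have` meets the requirement `op want`."""
    if op is None:          # unversioned requirement: any version will do
        return True
    c = rpmvercmp(have, want)
    return {'=': c == 0, '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0}[op]


def blocking_requirements(requires_text, pkg, new_version):
    """Return the requirements on `pkg` that an update to `new_version` violates."""
    return [(n, o, v) for (n, o, v) in parse_requires(requires_text)
            if n == pkg and not satisfies(o, new_version, v)]


def exact_pins(requires_text):
    """Requirements pinned with '=': the ones most likely to block security updates."""
    return [r for r in parse_requires(requires_text) if r[1] == '=']


if __name__ == "__main__":
    for blocked in blocking_requirements(SAMPLE_REQUIRES, "firefox", "1.5.0.8"):
        print("update blocked by:", " ".join(blocked))
    print("exact pins:", exact_pins(SAMPLE_REQUIRES))
```

Run against a real package's requirement list, `exact_pins` gives a quick audit of which dependent packages would stand in the way of a future patch release, which is the question to put to a maintainer before any forced-update plugin is considered.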
More information about the fedora-devel-list mailing list