yum question, reverting to old packages.

Richard Hally rhally at mindspring.com
Sat Sep 2 17:32:24 UTC 2006


Jesse Keating wrote:
> On Sat, 2006-09-02 at 12:56 -0400, Richard Hally wrote:
>> Yup, I agree that --force and/or --nodeps are a Bad Idea. I'm suggesting
>> that --oldpackage is different.
> 
> I'm failing to see how --oldpackage would be different.  Packages are
> designed to go forward.  If a horrible mistake was discovered in a
> package, an update is crafted to carefully repair the damage.  However
> forcefully installing an OLDER package may not do the cleanup correctly
> and may actually trigger the horrible mistake to take action.  There are
> UNDEFINED results here and they shouldn't be played with on a user's
> system.
> 
>> Also, --erase <current pkg> followed by --install <previous pkg> should
>> not produce "bad results". If it does, there is something wrong with the
>> particular package design.
> 
> Or just a horrible mistake in the packaging.  Case in point a %postun
> that is conditional to run for a final removal, not an upgrade.  If you
> remove the package, that particular postun will occur and could be
> something horrible like rm -rf / (wheee hyperbole!).  However a new
> package could be released which fixes this horrible mistake.  You'd be
> Upgrading to the newer package, so the postun for final removal wouldn't
> be triggered.
> 
> Scriptlets are fun.  All kinds of evil can be embedded in them, and rpm
> has no real mechanism to sanitize, track, or recover from anything a
> scriptlet may do.  And even if it did, somebody'd just make a scriptlet
> that removed whatever database rpm used to keep track of such changes.
> Whoops!
> 
> I personally think it's good that yum decides to not play Russian
> Roulette with a user's system, preferring to stick to actions that are
> not 'overrides' of rpm's basic protective natures.
> 
> 
Ok, ok. So if a user is going to shoot themselves in the foot they have 
to use rpm rather than yum to do it.
If the packager screws up, all bets are off. But that is the case anyway 
isn't it?
So maybe we should remove --oldpackage/--nodeps/--force from rpm. It 
follows the gnome 'dumb it down' approach. At least the user will have 
less opportunity to screw up but will also have less capability to 
recover from a packager's mistakes. ;-)

Richard
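
The erase-versus-upgrade difference discussed in the thread comes from the argument rpm passes to %postun: the number of instances of the package left after the transaction (0 on erase, 1 or more on upgrade). As an added example that is not part of the original thread, the check below reads `rpm -q --scripts` style text and reports whether a package's %postun has a final-removal branch that an erase followed by an install would run; the sample scriptlet, the package name `examplepkg` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -q --scripts <pkg>` output (not from a real package).
SAMPLE_SCRIPTS='postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
postuninstall scriptlet (using /bin/sh):
if [ "$1" -eq 0 ]; then
    # final removal only
    rm -rf /var/lib/examplepkg
fi
if [ "$1" -ge 1 ]; then
    /sbin/service examplepkg condrestart >/dev/null 2>&1 || :
fi'

# Print only the body of the %postun scriptlet from scripts text on stdin.
postun_body() {
    awk '
        /^postuninstall (scriptlet|program)/ { in_postun = 1; next }
        /^[a-z]+ (scriptlet|program)/        { in_postun = 0 }
        in_postun                            { print }
    '
}

# Exit 0 when the %postun body compares $1 with 0, i.e. it has code that
# runs on final removal (erase) but is skipped during an upgrade.
has_final_removal_branch() {
    postun_body | grep -Eq '\$\{?1\}?"?[[:space:]]*(-eq|=|==)[[:space:]]*"?0'
}

# $1 of this function: the scripts text to audit. The scriptlet is only
# inspected, never executed.
check_downgrade_path() {
    if printf '%s\n' "$1" | has_final_removal_branch; then
        echo "erase+install runs final-removal %postun code; review before erasing"
    else
        echo "no final-removal branch in %postun"
    fi
}

check_downgrade_path "$SAMPLE_SCRIPTS"
```

On an installed system the same check can be fed real data with `rpm -q --scripts <pkg> | has_final_removal_branch`.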
