T. 'Nifty New Hat' Mitchell
mitch48 at sbcglobal.net
Sat Jun 19 16:14:32 UTC 2004
On Fri, Jun 18, 2004 at 12:42:31PM -0700, Dave Roberts wrote:
> So, can somebody explain this sequence of Yum runs to me? These are all
> run back to back. I first do a "yum list updates." Yum tells me that the
> libpng packages are due for update. I then run "yum -y update" to get
> them all, and it tells me that there are no packages available for
> update and no actions to take. Then, I run it again ("yum -y update")
> and it goes ahead and does the update. I have had this happen to me a
> few times so far.
> Problem with yum? Problem with my config? This is on a stock FC1 system
> with all patches applied up till now.
This is an issue of notification and a race to get all the mirrors
updated. The headers used by the yum process (in both yum and up2date)
are telling you that there is an update but the randomly selected
mirror does not yet have the package.
The good news is that we are promptly aware that there is an update.
The solution is to retry after waiting an appropriate length of time.
Most current mirrors sync up twice a day so I would wait four to six
hours. If the update contains a LARGE package like kernel it makes sense
to wait six not four hours.
The key is to be kind to the mirrors and let them have as much
bandwidth as possible to get their copy of the update yet still retry
often enough to get the package inside the attack window (zero day?).
SWAG, On big packages we can expect overloads on the mirrors to
trigger fail over code for mirror selection. Thus we fail over and
eventually catch a server that does not have the file. Just retry
after appropriate length of time. Can we say exponential back-off?
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-list