Yum failing me...

Paul Howarth paul at city-fan.org
Wed Jul 27 14:26:00 UTC 2005


Dotan Cohen wrote:
> On 7/27/05, Paul Howarth <paul at city-fan.org> wrote:
> 
>>It's a dependency issue in Fedora Extras that should be resolved in a
>>day or two.
>>Try using yum --exclude=libcd\* update
> 
> 
> Didn't work for me, Paul. I'll just wait the day or two, I guess.

What output are you getting from yum now?

Does "yum --disablerepo=extras update" work any better?

> Seems lacking that because of one missing dependency in a non-critical
> application, yum won't even update security issues.

There are good reasons behind the way yum works. It's a generic tool and 
it doesn't know the difference between a security-critical package and a 
set of fonts, so it has to treat all packages the same.

> Imagine this: JoeHacker discovers a security flaw and writes code to
> exploit it. He knows that people will yum-update, so he breaks a
> dependency in a package that he maintains in yum.

That presupposes that people are using repos that Joe Hacker can write 
to. If he can do that, he doesn't need to mess around with dependencies, 
he can basically install whatever software he wants on those people's 
machines, unless his attempt is spotted by one of his peers at that repo 
when he adds that "feature".

Paul.



