Yum packages (again)

Michael Schwendt mschwendt at gmail.com
Fri Feb 29 11:04:58 UTC 2008

On Thu, 28 Feb 2008 10:23:38 -0430, Patrick O'Callaghan wrote:

> [...] It would not be beyond reason for Yum to know that certain
> repos work well with each other and others don't,

That is not feasible.

Whether repositories are compatible with each other depends on their
contents, not on their repo ids. Users can give repositories arbitrary
names in the yum config files. Should Yum blacklist unknown repositories
by default? Once something has been installed from an unidentified repo,
it may be too late, because the system may have become incompatible with
other packages already.

Nowhere it is defined which repositories do work with each other. All are
supposed to be compatible with Fedora, because they are built for Fedora.
But there is a serious lack of man-power to ensure that all possible
subsets of repositories work with each other all of the time, too.

Sometimes they break things accidentally, and that alone can result in
a hard problem for the "naive user" you referred to. Because the
"naive user" doesn't ask for good help. The really "naive user" either
gives up (I've seen some who installed from scratch, avoiding extra
repos like the plague) or use Google to come up with a dangerous or
even malicious work-around like "rpm --force" installs or linking
libraries with different sonames to each other.

> and to warn the user when conflicts might occur. A plugin perhaps?

Yum cannot look into the future.

Normal conflicts, such as explicit "Conflicts:" tags in the packages
and file conflicts found during the RPM transaction check, are fatal
error conditions already. But it is not enough to prevent future
conflicts caused by adding repos.

Even if Yum ran an expensive repoclosure calculation whenever the
repository configuration changed would not protect from future breakage.

More information about the fedora-list mailing list