[Fedora-packaging] Re: kmdl proposal and kmod flaws
seth vidal
skvidal at linux.duke.edu
Wed Aug 9 15:29:05 UTC 2006
On Wed, 2006-08-09 at 17:13 +0200, Axel Thimm wrote:
> On Wed, Aug 09, 2006 at 09:38:54AM -0400, Jack Neely wrote:
> > > > Okay...walk me through this then:
> > > >
> > > > Assuming no yum plugins or other mess.
> > > >
> > > > A new kernel is available that corrects some random remote DoS. How do
> > > > I get all 1300 machines to pull down the new AFS modules?
> > >
> > > It's in the wiki, but here it comes again:
> > >
> > > o current kernel module scheme w/o any special depsolver handling:
> > > - broken on rpm level, inherits on all depsolvers
> > > - Modules of the current kernel get nuked whether you reboot into
> > > the new kernel or not
> >
> > Wrong. Both up2date and yum have always marked packages that provide
> > 'kernel-modules' as install only for several years now. Modules don't
> > get "nuked" unless you rpm -U.
>
> Wrong x 3:
>
> o not always, neither yum, not up2date initially had any
> "kernel-module(s)" support
> o first implementation had a typo mismatch, kernel-modules vs
> kernel-module. In fact effectively its a very young approach, I
> think this was fixed less than a year ago
2003-11-21 01:24 skvidal
* nevral.py:
make packages providing 'kernel-modules' installonly.
that was yum 2.0.X
> > > + but the new kernel gets its kernel modules (and only the new
> > > kernel ...)
> >
> > This point has been used in practice by several large universities.
> > I've been doing this for about 6 years. While not perfect its been
> > proven to be acceptable and allow machines to remain fulled patched.
>
> 6 years? So you've been using yum's secret unannounced and NSA
> sponsored version back then, huh? ;)
>
we used the idea in yup prior to yum.
That was about 2000->2001, iirc so yes, about 6 years.
> > NC State University. Duke. I believe Matt at Boston U. has used
> this
> > approch in the past as well.
>
> And I know large universities that extensively make use of proprietary
> operating systems, so what exactly does that say? Mass does not imply
> infallibility.
>
I don't think he was alleging that. I think he was saying there are some
big users with large installations who have used it and it works.
that's all.
-sv
More information about the Fedora-packaging
mailing list