One option smart needs to conquer the world

Ben Segall ben77 at aol.com
Thu Feb 23 07:18:43 PST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm guessing that you could make it so that an option specifies
undowngradeable packages like lock specifies unchangeable ones

Tim Fenn wrote:
> On Wed, Feb 22, 2006 at 11:58:59PM +0100, Pascal Bleser wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Gustavo Niemeyer wrote:
>>>> Alternative Policies for 'smart upgrade' would probably be a
>>>> good thing. For instance, I would really like a policy
>>>> similar to 'apt upgrade' that does not Remove packages. (apt
>>>> dist-upgrade is used for an upgrade that can install and
>>>> remove packages)
>>>>
>>>> If there was an option that would prevent downgrading, then
>>>> the packager of smart for fedora could choose to enable it by
>>>> default, if they are so concerned. But users could choose
>>>> what they want.
>> Keep in mind that there is always a good reason for removing or
>> downgrading packages, it doesn't happen just for fun (unless
>> there would be a bug in smart's upgrade logic, which I doubt at
>> this point).
>>
>> The user is saying: I want to upgrade this and that.  Well, smart
>>  tries hard to do exactly that, even if it includes downgrading
>> or removing other packages.
>>
>> That sounds like exactly the correct behaviour.
>>
>
> I believe this as well, but it poses a major reason why distros
> like Fedora haven't adopted smart as a mainline tool (I tried to
> argue with the fedora crowd in favor of smart, but failed miserably
> and got burned):
>
> https://www.redhat.com/archives/fedora-devel-list/2005-November/msg01197.html
>
>
> The problem is that downgrading something to solve a dependency
> could be bad from a security standpoint (among other minor issues),
> and hence why some distros shy away from smart.
>
> I honestly don't know of a good solution - which should the
> sysadmin prefer: security or zero dependency problems?  I'd vote
> for the former, but I certainly sympathize with the latter.  Is
> there any middle ground short of adding the option in smart?
>
> Regards, -Tim Fenn
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFD/dJTA8GfNQdszLURAq+rAJ0SWqoB7lv0/AMpQetAMdNTsoTkMgCgrZw8
qwW6Jvw9g9X8egiWxzaSnuU=
=uFYJ
-----END PGP SIGNATURE-----




More information about the Smart mailing list