[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: firefox-2.0.0.8 Upgrade Problems in F7



Jeff Spaleta <jspaleta <at> gmail.com> writes:
> You are absolutely NOT going to see security updates postponed for
> deps to catch up.

I don't think that's a good way to handle things. I think almost every user has 
at least one of the affected packages installed, so what will happen will be 
that best case they have something like yum-skip-broken, apt or smart which can 
skip the Firefox update automatically (so why is it being pushed then?), worst 
case they'll end with NO security updates applied at all. (OK, they could also 
be using something like apt-get dist-upgrade which will delete the packages 
depending on Firefox, but that's not really a solution either, and most likely 
they'll just choose to hold back Firefox instead, putting us back to square 
one.)

Now, I can understand breaking deps for a package with few users and/or no 
active maintainer (it's still a bad thing, but sometimes a tradeoff has to be 
made), but not for a dozen packages (some of them installed on a lot of 
machines) which weren't even given a chance to rebuild.

What my personal suggestion would be is to:
* have the dependent packages centrally rebuilt (by rel-eng?) as soon as 
Firefox is built,
* have the Firefox security update held off until the rebuilds are complete. 
That shouldn't amount to more than one day of delay, much less than the delay 
those updates go through for most users with the current system (due to broken 
deps). Of course, if a rebuild fails for whatever reason, pushing the new 
Firefox anyway, breaking the dep, is probably the best that can be done.

        Kevin Kofler


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]