fedora-l] Re: RPM upgrade discussion

R P Herrold herrold at owlriver.com
Fri Jan 2 03:26:39 UTC 2004 

On Thu, 1 Jan 2004, Lucas Albers wrote:

> Bill Nottingham said:
> 
> > Yes, but pushing a new RPM with this will cause problems for
> > people installing original packages in the meantime.

> Won't this also break upgrades?

Yes, probably.  I feel one constraint on updates in an EOL
product should arguably seek to be as minimal and general in
nature, and support a given Major.Minor release as possible.
[somewhat in line with the Unix principle of 'least surprise']  

This was articulated in the rather nice Mark Cox piece at:
	http://www.redhat.com/advice/speaks_backport.html
wherein he notes:
>  We can't please everyone, and backporting annoys some users 
> who always want to be upgraded to the latest and greatest 
> releases. However, in general, customers are more interested 
> in stability, and the ability to minimise the changes needed 
> for their QA and deployment.

If a requirement of using fedora-legacy content is to also
move to a version of RPM which, during its support life RH QA
or RH Corporate did not see fit to issue for pre-RHL 9 (and
soon, all RHL variants), there is a strong obligation for
'fedora-legacy'to state this clearly to the sysadmin using it.

In the EOL context (as fedora-legacy project is), I lean to
the side for minimal 'intrusion', to satisfy security
requirements, but not to add functionality.  

There is a known path for recovery from the RPM 'stale locks'
issue which does NOT require a non-security RPM 'update' --
Others may come out differently in all good intent; but except
for the unresolved subtle RPM exploit path mentioned on a
public list (which should properly be resolvable as the
SELinux capability extensions are rolled in [which will not
happen in fedora-legacy]), a change to rpm-4.2.x is just a
"upgrade to the latest and greatest."  No thanks.


I saw also in this thread, some critique of the
http://www.rpm.org/ website continuing mention of using
--rebuilddb, in the process of recovery from 'stale locks' in
some RHL versions.

While it is an interesting datum that one person, using some
of Red Hat's (and self-built variants) in an unstated number
of hosts has found '--rebuilddb' unnecesary, it is also clear
that several reporters on the RH hosted rpm-list _have_ so
reported the utility of this approach in resolving such
problems.

As there is more to RPM than Red Hat's RHL variants (heck, I
answered a question on an RHL 5.2 rpm variant the other day),
as that site's editor I see no compelling reason to alter that
site's advice.

 -- Russ Herrold

More information about the fedora-legacy-list mailing list