Fedora Updates: whole packages vs patches
Jorge Fábregas
fabregasj at prtc.net
Thu Dec 9 17:56:31 UTC 2004
Hello everyone,
This will be a "back to basics" question :)
I've been thinking about the current Fedora update mechanism vs other distros.
For example, SuSE provides bugfixes and security-updates through patches (via
rpm of course).
Imagine there's a package called foo1.4-1.rpm (size 10 MB) and that somebody
finds a serious security vulnerability in this program. The code responsible
for this issue resides in just one library (foo.so).
A couple of days later the issue is solved. The library interface hasn't
changed. The compiled library is just 1k.
Possible solutions to distribute this:
1- create an rpm with just that file (thus...it will be a patch rpm). size 1K
2- package the whole application (including new compiled library) as
foo1.4.-2.rpm which has a size of 10MB.
As you can see, on the 2nd option (Fedora's way), we're getting a 10MB package
update for that 1K library replacement. Isn't that an overhead? Is it worth
it?
I personally like our current system. I think manageability-wise it is much
better. On the other scenario, I'll have to look at an rpm version and
release and also query the rpm database looking for patches (to see if
there's a patch associated with my package).
Comments are welcome!
Thanks,
Jorge