
Re: firefox-2.0.0.8 Upgrade Problems in F7



On 10/24/07, Richi Plana <myfedora richip dhs org> wrote:
> As for the second issue (delaying non-essential updates which break), if
> we look at the most common use-case, we have the ff. actors: the package
> maintainer for the package that breaks (A), the package maintainer/s for
> the package that depend on the breaking one (B), and the users who do
> "yum update"s (C). It's my contention that (A)'s update should be
> delayed pending the resolution of (B)'s packages or a certain amount of
> time has passed. I won't even begin to argue who is responsible for
> coordinating with who ((A) or (B)). I just believe that (C) shouldn't
> have to be involved.

Point of fact... is there anything which depends on firefox that is
currently experiencing a depchain problem that is considered a mandatory
application?
Crap like yelp and devhelp and Miro are fundamentally optional
components. And you absolutely are not going to be able to make a
strong enough argument that firefox security updates should be delayed
one millisecond to keep optional packages from breaking. It just isn't
going to fly.  People who do not have these optional components
installed will suffer lapses in security unnecessarily.

Yes it absolutely sucks for the user who has these optional components
installed. Because that user is now required to make a choice.  You
can choose to uninstall the packages which have a dep problem or you
can choose to ignore that update because it causes dep problems.
Something like the yum-skip-broken plugin package helps users make a
choice, by choosing to not install the update because of the dep
problems.  I'm not aware of a similar yum plugin which forces the
install of security updates, but perhaps such a plugin should exist to
round out the policy choices for end-users.

There's no getting around it. The fact that these applications have
chosen to require libraries from firefox, when said libraries are
known to be unstable and non-conformant to established generally
accepted soname rules is the fundamental problem.  Until xulrunner
finds its way in, it's absolutely up to the maintainers of packages
which depend on firefox to know exactly the sort of problems their
packages cause on every single firefox update since the dawn of time.
Honestly if I could do it I would forbid any package from depping
against firefox until xulrunner lands in Fedora to avoid this entirely
than to continue to work under the farce that the gecko libraries that
applications are depending on are appropriate to rely on as a development
framework.

-jef"lost count of the number of times he's re-opened bugs about ff
deps since fc1 was released"spaleta

