yum made selinux break dhcpd and named
James Wilkinson
james at westexe.demon.co.uk
Fri Jan 21 17:38:06 UTC 2005
Rodolfo J. Paiz wrote:
> For a production box, one where reliability and security are important,
> never force anything. In your case yum was *not* broken, but rather
> reporting a very real problem and refusing to take action. Forcing
> things leads to actions that cannot easily be undone and may wreak
> bloody havoc on your system... never a good idea. If it cannot be done
> without force, investigate *why* that is, and usually there will be a
> good reason for that.
And I *thoroughly* agree with that ...
... but in the context of William John Murray's:
> But I forced through other updates by
> doing things like "yum update 'a*'"
I don't think "forced" was the best choice of phrase, and Rodolfo's
advice doesn't apply.
Yes, yum was reporting a real problem, and forcing through updates to
override the broken dependencies would have been ... suboptimal.
But "yum update a*" wouldn't override broken dependencies. All William
was doing was updating packages that were not affected by the broken
dependencies. RPM is good (too good?) at picking up dependencies, so
it's highly unlikely that the new packages absolutely needed the new
versions of the problem packages.
It's theoretically possible that this might have broken something: all
changes to a running system have the possibility to cause problems. In
practice, this is equivalent to running yum update against a repository
which had yet to replicate the problem packages.
And in any case, yum update a* leaves the RPM database in a good
condition: it would be easy to roll back to a previous version of the
package, or install a fixed version now that is available.
It's arguable that yum should install what it can anyway: I'd agree. The
chances of missing important security updates due to unrelated packaging
problems is too high.
James.
--
James Wilkinson | This was, apparently, beyond her ken. So far beyond
Exeter Devon UK | her ken that she was well into barbie territory.
E-mail address: james | -- J. D. Baldwin
@westexe.demon.co.uk |
More information about the fedora-list
mailing list