Yum failing me...

Dotan Cohen dotancohen at gmail.com
Thu Jul 28 15:26:21 UTC 2005


On 7/27/05, Paul Howarth <paul at city-fan.org> wrote:
> 
> What output are you getting from yum now?
> 
> Does "yum --disablerepo=extras update" work any better?
> 
> > Seems lacking that because of one missing dependency in a non-critical
> > application, yum won't even update security issues.
> 
> There are good reasons behind the way yum works. It's a generic tool and
> it doesn't know the difference between a security-critical package and a
> set of fonts, so it has to treat all packages the same.
> 
> > Imagine this: JoeHacker discovers a security flaw and writes code to
> > exploit it. He knows that people will yum-update, so he breaks a
> > dependency in a package that he maintains in yum.
> 
> That presupposes that people are using repos that Joe Hacker can write
> to. If he can do that, he doesn't need to mess around with dependencies,
> he can basically install whatever software he wants on those people's
> machines, unless his attempt is spotted by one of his peers at that repo
> when he adds that "feature".
> 
> Paul.

Thanks, Paul. I just updated successfully, without any special
parameters. Tell me, how carefully watched are the people who maintain
packages in, say, extras? Can these repos really be trusted in that
sense? I guess that I am, in a way, letting the maintainers of the
repos add anything that they like to my system - I don't have the
knowledge to go over every last package, and as a home user, I do not
plan on acquiring that knowledge.

Dotan
http://lyricslist.com/lyrics/artist_albums/311/linkin_park.php
Linkin Park Song Lyrics



