On Mon, 2005-05-23 at 19:45 +0200, Michael Schwendt wrote: > On Mon, 23 May 2005 19:37:47 +0200, Tomas Mraz wrote: > > > Are there any guidelines when to use %config and when %config > > (noreplace)? How about "Always use noreplace unless your best guess is that it will break things"? AFAICS there are really only two situations where noreplace is likely to break stuff: 1) An app is being upgraded from an earlier version which had incompatible config files which will break the new version. 2) An app is being installed for the first time from a rpm, and a file marked as config in the package was already present on the system before installing the package, AND it's not likely that the app being installed would work with the config file that was already present on the system. > > If you look at this bug report: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158568 > > > > Currently in FC-3 the ca-bundle.pem file is not %config at all. This is > > obviously wrong because if sysadmin changes this file (and it's > > legitimate to do so) he will lose his changes after openssl update. > > > > However it's questionable if it should be %config(noreplace) because > > then he will not get the changes (new CA certificates) on update. > > What's more important...? > > [ ] sysadmin gets an *.rpmsave config file during upgrade > [ ] sysadmin gets an *.rpmnew config file during upgrade (also consider the *.rpmorig case here) If a sysadmin has installed new CA certs into ca-bundle.pem, most likely it has been done in order to get something working. Not getting the new CA certs is less likely to break stuff and thus less evil IMO. Optimally, the contents of the old and new ca-bundle.pem should be intelligently merged (ha!) on upgrades. Not sure if it's worth even trying to implement that though.
