On Tue, Jun 26, 2007 at 12:44:42AM -0400, Matthias Clasen wrote:
> On Tue, 2007-06-26 at 03:00 +0200, Axel Thimm wrote:
> > On Mon, Jun 25, 2007 at 08:36:00PM -0400, Jesse Keating wrote:
> > > On Monday 25 June 2007 20:31:51 Axel Thimm wrote:
> > > > If for example glibc has been updated yum update foo will not pull it
> > > > in. Try it.
> > >
> > > If it has been updated and the new update of foo will not run
> > > without the newer glibc and there are no rpm requirements on said
> > > newer glibc libraries, we've got much bigger issues.
> >
> > True, but that's everyday's packaging business and is called "lack of
> > forward compatibility in libraries". Actually that was the reason for
> > having to build against only security updates instead of the whole
> > update repo given in the trimmed away quote of mine.
> >
> > Now to get to a real example: Replace glibc with glib/gtk and friends,
> > that keep the same soname since Moses' birth and add symbols on the
> > row. You can build something on F7's glib and from a packaging POV it
> > will still fit into FC5 or FC4, but when the app runs it will break
> > with missing g* calls.
>
> As far as "glib, gtk and friends" are concerned, these do not add
> any symbols in a stable branch, and Fedora releases stay on a stable
> branch, so your snide remarks are uncalled for, as far as these are
> concerned.

I'm sorry, but history says otherwise. Symbols have been added to
*stable* releases, and many applications were breaking when used on a
previous *stable* release. I know that because I had been offering
newer *stable* glib/gtk/atk/pango bits at ATrpms at about FC4 for an
application that needed a fresher set, and users horrified by the
"core updates bad" myth only used the applications, which would agree
to install rpm-wise, but would spit the errors on the users' faces. I
think one of the apps that was dying that way was synaptic.

So that would have exactly happened if say synaptic had a security
update built against a later "stable" glib/gtk/... set of packages and
users trying to install the security update of synaptic on a
non-updated (or updated only for security updates) system. So this is
far from being an academic example.

> And talking about F7 packages on FC5 or FC4 is really detracting
> from the topic here, which is security updates within a single
> Fedora release.

You missed the point: I was just illustrating that rpm's checking is
not that tight (it would have to go down to the symbol table, something
that has often been considered but due to blowing up the database
always abandoned) and will allow you to do lots of crazy things if the
library decides to never bump its soname.

I'm not suggesting to actually do that in any sense ...
--
Axel.Thimm at ATrpms.net
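
The gap described in the message above, between a soname-level dependency check and the symbols an application actually imports, shown as an added example (not part of the original thread and not rpm's own logic). The `nm -D`-style listings, the library contents and the function names are constructed for illustration.

```python
import re

# Constructed sample data: NEEDED sonames and `nm -D`-style listings for a
# hypothetical app and two builds of a library that share one soname.
APP_NEEDED = ["libglib-2.0.so.0"]
APP_NM = """\
                 U g_free
                 U g_malloc
                 U g_slice_alloc
"""
OLD_LIB = ("libglib-2.0.so.0", """\
0000000000031a10 T g_free
0000000000031b40 T g_malloc
""")
NEW_LIB = ("libglib-2.0.so.0", """\
0000000000033a10 T g_free
0000000000033b40 T g_malloc
0000000000047c20 T g_slice_alloc
""")

NM_LINE = re.compile(r"^\s*([0-9a-fA-F]+)?\s+([A-Za-z])\s+(\S+)$")

def parse_nm(text):
    """Return (defined, undefined) symbol sets from `nm -D`-style output."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        m = NM_LINE.match(line)
        if not m:
            continue
        _, kind, name = m.groups()
        name = name.split("@")[0]      # drop a symbol-version suffix if present
        if kind == "U":
            undefined.add(name)        # hard import: must resolve at run time
        elif kind not in "wv":         # weak undefined symbols may stay unresolved
            defined.add(name)
    return defined, undefined

def soname_check(needed, libs):
    """Simplified soname-level check: report only sonames nobody provides."""
    provided = {soname for soname, _ in libs}
    return sorted(set(needed) - provided)

def symbol_check(app_nm, libs):
    """Symbol-level check: imports that no installed library exports."""
    _, wanted = parse_nm(app_nm)
    exported = set()
    for _, nm_text in libs:
        exported |= parse_nm(nm_text)[0]
    return sorted(wanted - exported)
```

Against the older build the soname check reports nothing missing while the symbol check reports `g_slice_alloc`, which is the install-time-clean, run-time-broken state the message describes for an update built against a newer library set.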
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers