Ville Skyttä wrote: > That "reason" could be a bad Obsoletes in the new package. That's why I said "new packages that don't replace anything" in my original message. If they Obsolete something else, then they're not really new packages. > And even the new Name and Provides from the new package may result in it > being pulled in along with other updates to satisfy dependencies without > being explicitly asked for. Well, true, new packages which Provide some common virtual Provides like bluez-dbus-pin-helper also need the same scrutiny as upgrades to explicit packages. That's not the common case though, and it happening due to Name alone is very unlikely (it would mean something else Provides that name and a third package depends on it by name). > When either of these happens, it in my opinion qualifies as the new > package being installed automatically, and because there are several ways > new installed packages can break existing systems, the combined results is > that it is very much possible for newly introduced packages to > "automatically break existing systems". New packages which don't Obsolete existing packages or Provide existing provided names cannot cause any of the above. (They may technically trigger broken triggers, but it's extremely unlikely that an existing package has a trigger on something not previously in Fedora. If it's an outright malicious trigger, like "delete everything if somebody installs package foo", then we have a much bigger problem than update stability!) Kevin Kofler -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel