On Sat, 1 Aug 2015 07:33:39 -0400 Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: > On Fri, Jul 31, 2015 at 3:14 PM, Richard Hughes <hughsient@xxxxxxxxx> > wrote: > > On 31 July 2015 at 17:27, Radek Holy <rholy@xxxxxxxxxx> wrote: > >> One can say that the mirrors should keep the older versions > > > > I would completely agree. As we can't rely that packages referenced > > in metadata just one day old still being on the mirrors means that > > PackageKit has to download hundreds of megabytes month more than it > > has to. > > > > Richard. > > In the RHEL world, EPEL has bitten me really hard this way several > times, especially when packages are discarded and no longer present in > EPEL. So it's worth thinking about in general for RPM based systems. So, here's the things to consider: * Keeping 2 versions of every package will double mirror space. This may result in some mirrors dropping things or stopping bothering mirroring Fedora at all. * repodata will likewise be 2x (or at least increased a great deal). Resulting in a bunch more downloading for everyone not just the folks who might want to downgrade sometimes. * There could be some nasty issues with keeping known vulnerable/broken packages around. ie, foo-1.0 has a severe security bug, foo-1.1 fixes it. You now just need to trick someone into downgrading or directly installing foo-1.0 (which is in normal repos and signed and completely valid looking). But it's not clear exactly what you 3 are proposing (or even if it's the same thing). :) So, perhaps you could clarify what exactly you want to do? kevin
Attachment:
pgpsFWKjLP9LC.pgp
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
