On 2/24/23 12:35 PM, Gordon Messmer wrote:
On 2023-02-24 07:42, Robert Marcano via devel wrote:
Does DNF on RHEL for example do something different when --security is
involved? Because the RHEL documentation talks about it as a feature
to use. Is a lack of metadata for previous updates the problem or the
implementation?
I don't have the log, but I checked this about a month ago:
I can set up an 8.3 system (I used a UBI container, to be specific) and
subscribe to Red Hat's repositories. Since 8.3, there has been a
security update to bash, but the most recent bash package is not a
security fix. If I run |dnf update --security bash|, the system will
offer the most recent bash package, even though it is not a security
fix. Naturally, if I run |dnf update bash|, I get the same offer.
So on RHEL, dnf will evidently offer to update a package to the current
version if any of the available update candidates are marked as a
security update. And there are multiple update candidates in RHEL
repositories, as well as CentOS Stream repositories, unlike Fedora.
Thanks for testing it. So, if there is a desire to "fix" this in Fedora,
having the repository includes the latest package marked as a security
update and the latest one. I am not sure that will solve much because it
still depends, as other posts said, Fedora has more open rules for
updates, than enterprise distributions and therea are entire version
jumps without tracking errata metadata.
So, from my point of view the biggest problem with "dnf update
--security" on Fedora is that rpm doesn't track minor-version
dependencies of libraries without versioned symbols, which means that
"dnf update --security" can easily break the system by updating a leaf
package but not updating dependencies that have added new interfaces
that it requires. (But I'm working on fixing that.)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
