Jesse Keating wrote:
On Sat, 2006-09-02 at 12:56 -0400, Richard Hally wrote:
Yup, I agree that --force and/or --nodeps are a Bad Idea. I'm
suggesting
that --oldpackage is different.
I'm failing to see how --oldpackage would be different. Packages are
designed to go forward. If a horrible mistake was discovered in a
package, an update is crafted to carefully repair the damage. However
forcefully installing an OLDER package may not do the cleanup correctly
and may actually trigger the horrible mistake to take action. There is
UNDEFINED results here and they shouldn't be played with on a user's
system.
Also, --erase <current pkg> followed by --install <previous pkg>
should
not produce "bad results". If it does, there is something wrong with
the
particular package design.
Or just a horrible mistake in the packaging. Case in point a %postun
that is conditional to run for a final removal, not an upgrade. If you
remove the package, that particular postun will occur and could be
something horrible like rm -rf / (wheee hyperbole!). However a new
package could be released which fixes this horrible mistake. You'd be
Upgrading to the newer package, so the postun for final removal wouldn't
be triggered.
Scriptlets are fun. All kinds of evil can be embedded in them, and rpm
has no real mechanism to sanitize, track, or recover from anything a
scriptlet may do. And even if it did, somebody'd just make a scriptlet
that removed whatever database rpm used to keep track of such changes.
Whoops!
I personally think its good that yum decides to not play Russian
Roulette with a user's system, preferring to stick to actions that are
not 'overrides' of rpm's basic protective natures.
Ok, ok. So if a user is going to shoot themselves in the foot they have
to use rpm rather than yum to do it.
If the packager screws up, all bets are off. But that is the case anyway
isn't it?
So maybe we should remove --oldpackage/--nodeps/--force from rpm. It
follows the gnome 'dumb it down' approach. At least the user will have
less opportunity to screw up but will also have less capability to
recover from a packager mistakes. ;-)
Richard
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
