Old 07-07-2008, 08:26 PM
Scott Silva
 
Default pm-utils - ATrpms updates a system package on the stable branch

on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
> I performed a clean minimal CentOS 5.2 install, fully updated the
> system, and then added the ATrpms repository. When I perform an update
> after adding the ATrpms repository, the package pm-utils is updated from
> the ATrpms repository. My understanding is there should not have been
> any updates as the stable version does not update system packages, right?
>
> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you
> only use the stable version. Packages in there do not overwrite system
> packages." [1]
>
> If this is true, why did this package get updated?
>
> Thanks,
> Kenneth
>
> [1] http://wiki.centos.org/AdditionalResources/Repositories/

You need to use the priorities plugin if you are going to use 3rd party repos.
There is no other safe way about it.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-07-2008, 09:34 PM
Scott Silva
 
Default pm-utils - ATrpms updates a system package on the stable branch

on 7-7-2008 2:28 PM Joseph L. Casale spake the following:
>> If this is true, why did this package get updated?
>
> Can't answer that, but do you use yum-priorities? I was actually
> just looking at ATRPMS and about to see if it had what I needed
> for a new install. It would be good to know if that problem happened
> with the repo protection in place...
>
> jlc

I have atrpms on a few servers, but usually leave it disabled, then if I need
something I "yum --enablerepo=atrpms install ...."


You can also turn it on occasionally with update and just say no if it looks
like it wants to replace any system modules.



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

 
Old 07-07-2008, 10:20 PM
Kenneth Burgener
 
Default pm-utils - ATrpms updates a system package on the stable branch

On 7/7/2008 2:26 PM, Scott Silva wrote:
> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you
>> only use the stable version. Packages in there do not overwrite system
>> packages." [1]
>>
>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
> You need to use the priorities plugin if you are going to use 3rd party
> repos. There is no other safe way about it.

I am not worried about what it did to my system, as this is a minor
package. What I am more interested in is if this is a bug that needs to
be reported?


Thanks,
Kenneth
 
Old 07-07-2008, 10:28 PM
Axel Thimm
 
Default pm-utils - ATrpms updates a system package on the stable branch

On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
> On 7/7/2008 2:26 PM, Scott Silva wrote:
>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if
>>> you only use the stable version. Packages in there do not overwrite
>>> system packages." [1]
>>>
>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
>> You need to use the priorities plugin if you are going to use 3rd party
>> repos. There is no other safe way about it.

Using client side filtering is not recommended; it creates more bugs
than it can solve. The proper thing is to take care of it on the
server side, where the package owners are supposed to know how to
structure the repos.

> I am not worried about what it did to my system, as this is a minor
> package. What I am more interested in is if this is a bug that needs to
> be reported?

Yes, as said the package owners are *supposed* to know how to structure
the repo.

But consider it reported, it has already been fixed (try yum update
against the master, or wait for the mirrors to catch up). Thanks!
--
Axel.Thimm at ATrpms.net
 
Old 07-08-2008, 02:50 PM
Johnny Hughes
 
Default pm-utils - ATrpms updates a system package on the stable branch

Axel Thimm wrote:
> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
>> On 7/7/2008 2:26 PM, Scott Silva wrote:
>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
>>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if
>>>> you only use the stable version. Packages in there do not overwrite
>>>> system packages." [1]
>>>>
>>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
>>> You need to use the priorities plugin if you are going to use 3rd party
>>> repos. There is no other safe way about it.
>
> Using client side filtering is not recommended, it creates more bugs,
> than it can solve. The proper thing is to take care of it on the
> server side, where the package owners are supposed to know how to
> structure the repos.

Client filtering is not recommended by some people ... but highly
recommended by others :-D

I would be one of the highly recommended votes

<snip>

 
Old 07-08-2008, 05:17 PM
"Lanny Marcus"
 
Default pm-utils - ATrpms updates a system package on the stable branch

On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <jhughes@hughesjr.com> wrote:
> Axel Thimm wrote:
>> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
>>> On 7/7/2008 2:26 PM, Scott Silva wrote:
>>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
>>>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you
>>>>> only use the stable version. Packages in there do not overwrite system
>>>>> packages." [1]
>>>>>
>>>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
>>>> You need to use the priorities plugin if you are going to use 3rd party
>>>> repos. There is no other safe way about it.
>>
>> Using client side filtering is not recommended, it creates more bugs,
>> than it can solve. The proper thing is to take care of it on the
>> server side, where the package owners are supposed to know how to
>> structure the repos.
>
> Client filtering is not recommended by some people ... but highly
> recommended by others :-D
>
> I would be one of the highly recommended votes

If you want to protect your box, use priorities, as Johnny and many others here recommend. Nobody else is going to protect your box for you. You set the priorities and you protect it. To be polite, I believe the 4 line blurb above, about client side filtering is B.S. It is your box, it is your job to protect your box. Do not trust anyone else to protect your box, whether it is security related or related to repos for packages.

 
Old 07-08-2008, 06:27 PM
Axel Thimm
 
Default pm-utils - ATrpms updates a system package on the stable branch

On Tue, Jul 08, 2008 at 12:17:58PM -0500, Lanny Marcus wrote:
> On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <jhughes@hughesjr.com> wrote:
>
> > Axel Thimm wrote:
> >
> >> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
> >>
> >>> On 7/7/2008 2:26 PM, Scott Silva wrote:
> >>>
> >>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
> >>>>
> >>>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you
> >>>>> only use the stable version. Packages in there do not overwrite system
> >>>>> packages." [1]
> >>>>>
> >>>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
> >>>>>
> >>>> You need to use the priorities plugin if you are going to use 3rd party
> >>>> repos. There is no other safe way about it.
> >>>>
> >>>
> >> Using client side filtering is not recommended, it creates more bugs,
> >> than it can solve. The proper thing is to take care of it on the
> >> server side, where the package owners are supposed to know how to
> >> structure the repos.
> >>
> >
> > Client filtering is not recommended by some people ... but highly
> > recommended by others :-D
> >
> > I would be one of the highly recommended votes
> >
>
> If you want to protect your box, use priorities, as Johnny and many
> others here recommend.. Nobody else is going to protect your box for
> you. You set the priorities and you protect it. To be polite, I
> believe the 4 line blurb above, about client side filtering is
> B.S. It is your box, it is your job to protect your box. Do not
> trust anyone else to protect your box, whether it is security
> related or related to repos for packages.

So, if it is indeed B.S. may I entitle you officer of resolving
phantom bugs that emerge out of this? Imagine package foo requiring
bar and both packages falling into the wrong client side filtering ...
Or google for partial and/or selective filtering of repos.

At any rate this is moot for CentOS5 anyway as the repo is indeed
(trying to) keep the base w/o any replacements, so you will never
trigger these filtering features^Wbugs. But once you start using the
full repo *and* filtering, all bug reports go Cc: to Lanny
--
Axel.Thimm at ATrpms.net
 
Old 07-08-2008, 06:33 PM
Florin Andrei
 
Default pm-utils - ATrpms updates a system package on the stable branch

Johnny Hughes wrote:
> Client filtering is not recommended by some people ... but highly
> recommended by others :-D


It's a good idea on important systems - but then you shouldn't open
those machines to outside repositories anyway.


But if you don't do client-side filtering, you're helping the
repositories to fix their problems and become cleaner. Everyone benefits
in the long run.


There is no "one true answer to rule them all" in this case. Use
client-side filtering on the machines that must not break under any
circumstances. Relax the policy in the other cases. Use common sense.


--
Florin Andrei

http://florin.myip.org/
 
Old 07-08-2008, 06:42 PM
Axel Thimm
 
Default pm-utils - ATrpms updates a system package on the stable branch

On Tue, Jul 08, 2008 at 11:33:24AM -0700, Florin Andrei wrote:
> Johnny Hughes wrote:
>>
>> Client filtering is not recommended by some people ... but highly
>> recommended by others :-D
>
> It's a good idea on important systems - but then you shouldn't open
> those machines to outside repositories anyway.
>
> But if you don't do client-side filtering, you're helping the
> repositories to fix their problems and become cleaner. Everyone benefits
> in the long run.
>
> There is no "one true answer to rule them all" in this case. Use
> client-side filtering on the machines that must not break under any
> circumstances. Relax the policy in the other cases. Use common sense.

Just to present an example from Fedora: clamav within Fedora was and
is considered rather cumbersomely packaged and many users turn to 3rd
party repos to get clamav installed.

If you place a filtering upon them, then some clamav subpackages will
come from the 3rd party repo and some from Fedora base leading to a
system that will possibly allow viruses to pass by. So actually the
filtering will be destabilizing your setup instead of protecting it.

The true answer to this is cooperating/merged repos and we're
targeting this on rpmrepo.org. Join up and be part of the solution
--
Axel.Thimm at ATrpms.net
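
Added example, not part of any poster's message or of the yum or ATrpms projects: a small audit that checks an installed-package list for the two conditions argued over in this thread, a base package replaced by a third-party build (the pm-utils case) and one source package whose subpackages come from different vendors (the clamav case). The input is a constructed sample in the format of `rpm -qa --qf '%{NAME}\t%{VENDOR}\t%{SOURCERPM}\n'`; the vendor strings, versions and the `BASE_NAMES` set are assumptions for illustration.

```python
from collections import defaultdict

BASE_VENDORS = {"CentOS"}          # assumption: vendor string on distro-built packages
BASE_NAMES = {"bash", "pm-utils"}  # constructed: names the base/updates repos ship

# Constructed output of: rpm -qa --qf '%{NAME}\t%{VENDOR}\t%{SOURCERPM}\n'
SAMPLE = (
    "bash\tCentOS\tbash-1.0-1.src.rpm\n"
    "pm-utils\tATrpms.net\tpm-utils-1.0-2.src.rpm\n"
    "clamav\tATrpms.net\tclamav-1.1-1.src.rpm\n"
    "clamav-db\tATrpms.net\tclamav-1.1-1.src.rpm\n"
    "clamav-lib\tCentOS\tclamav-1.0-1.src.rpm\n"
    "mplayer\tATrpms.net\tmplayer-1.0-1.src.rpm\n"
    "gpg-pubkey\t(none)\t(none)\n"
)

def parse(text):
    """Yield (name, vendor, source_name) per installed package line."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[2] == "(none)":
            continue  # skip malformed lines and key pseudo-packages
        name, vendor, srpm = parts
        # foo-bar-1.0-2.src.rpm -> foo-bar (drop version and release)
        yield name, vendor, srpm.rsplit("-", 2)[0]

def audit(text, base_names=BASE_NAMES, base_vendors=BASE_VENDORS):
    """Return (replaced, split): base packages now built by another vendor,
    and source families whose subpackages come from more than one vendor."""
    replaced, families = [], defaultdict(set)
    for name, vendor, source in parse(text):
        families[source].add(vendor)
        if name in base_names and vendor not in base_vendors:
            replaced.append((name, vendor))
    split = {s: sorted(v) for s, v in families.items() if len(v) > 1}
    return sorted(replaced), split

if __name__ == "__main__":
    replaced, split = audit(SAMPLE)
    for name, vendor in replaced:
        print("base package replaced: %s (vendor %s)" % (name, vendor))
    for source, vendors in split.items():
        print("mixed-origin family: %s <- %s" % (source, ", ".join(vendors)))
```

On a real host, feed `audit()` the output of the rpm query above and build `BASE_NAMES` from the package names in the distribution's own repositories.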
 
Old 07-08-2008, 06:55 PM
"Stephen John Smoogen"
 
Default pm-utils - ATrpms updates a system package on the stable branch

On Tue, Jul 8, 2008 at 12:42 PM, Axel Thimm <Axel.Thimm@atrpms.net> wrote:
> On Tue, Jul 08, 2008 at 11:33:24AM -0700, Florin Andrei wrote:
>> Johnny Hughes wrote:
>>>
>>> Client filtering is not recommended by some people ... but highly
>>> recommended by others :-D
>>
>> It's a good idea on important systems - but then you shouldn't open
>> those machines to outside repositories anyway.
>>
>> But if you don't do client-side filtering, you're helping the
>> repositories to fix their problems and become cleaner. Everyone benefits
>> in the long run.
>>
>> There is no "one true answer to rule them all" in this case. Use
>> client-side filtering on the machines that must not break under any
>> circumstances. Relax the policy in the other cases. Use common sense.
>
> Just to present an example from Fedora: clamav within Fedora was and
> is considered rather cumbersome packaged and many users turn to 3rd
> party repos to get clamav installed.
>
> If you place a filtering upon them, then some clamav subpackages will
> come from the 3rd party repo and some from Fedora base leading to a
> system that will possibly allow viruses to pass by. So actually the
> filtering will be destabilizing your setup instead of protecting them.
>
> The true answer to this is cooperating/merged repos and we're
> targeting this on rpmrepo.org. Join up and be part of the solution

You might want to make some of the mailing lists public for people to
join up on.



--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
 

All times are GMT.