[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: Proposal: drop delta rpms (for real this time)
From:       Gordon Messmer <gordon.messmer () gmail ! com>
Date:       2023-02-24 16:35:56
Message-ID: f247f3ac-0392-d09f-fe28-6fc3be278958 () gmail ! com
[Download RAW message or body]

On 2023-02-24 07:42, Robert Marcano via devel wrote:
> Does DNF on RHEL for example do something different when --security is 
> involved? Because the RHEL documentation talks about it as a feature 
> to use. Is a lack of metadata for previous updates the problem or the 
> implementation? 


I don't have the log, but I checked this about a month ago:

I can set up an 8.3 system (I used a UBI container, to be specific) and 
subscribe to Red Hat's repositories. Since 8.3, there has been a 
security update to bash, but the most recent bash package is not a 
security fix. If I run |dnf update --security bash|, the system will 
offer the most recent bash package, even though it is not a security 
fix. Naturally, if I run |dnf update bash|, I get the same offer.

So on RHEL, dnf will evidently offer to update a package to the current 
version if any of the available update candidates are marked as a 
security update.  And there are multiple update candidates in RHEL 
repositories, as well as CentOS Stream repositories, unlike Fedora.

So, from my point of view the biggest problem with "dnf update 
--security" on Fedora is that rpm doesn't track minor-version 
dependencies of libraries without versioned symbols, which means that 
"dnf update --security" can easily break the system by updating a leaf 
package but not updating dependencies that have added new interfaces 
that it requires.  (But I'm working on fixing that.)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[prev in list] [next in list] [prev in thread] [next in thread]