[CentOS] Re: pm-utils - ATrpms updates a system package on the stable branch

Lanny Marcus lmmailinglists at gmail.com
Tue Jul 8 20:14:18 UTC 2008


On Tue, Jul 8, 2008 at 1:27 PM, Axel Thimm <Axel.Thimm at atrpms.net> wrote:

> On Tue, Jul 08, 2008 at 12:17:58PM -0500, Lanny Marcus wrote:
> > On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <jhughes at hughesjr.com>
> wrote:
> >
> > > Axel Thimm wrote:
> > >
> > >> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
> > >>
> > >>> On 7/7/2008 2:26 PM, Scott Silva wrote:
> > >>>
> > >>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
> > >>>>
> > >>>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if
> you
> > >>>>> only use the stable version. Packages in there do not overwrite
> system
> > >>>>> packages." [1]
> > >>>>>
> > >>>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
> > >>>>>
> > >>>> You need to use the priorities plugin if you are going to use 3rd
> party
> > >>>> repos. There is no other safe way about it.
> > >>>>
> > >>>
> > >> Using client side filtering is not recommended, it creates more bugs,
> > >> than it can solve. The proper thing is to take care of it on the
> > >> server side, where the package owners are supposed to know how to
> > >> structure the repos.
> > >>
> > >
> > > Client filtering is not recommended by some people ... but highly
> > > recommended by others :-D
> > >
> > > I would be one of the highly recommended votes
> > >
> >
> > If you want to protect your box, use priorities, as Johnny and many
> > others here recommend.. Nobody else is going to protect your box for
> > you. You set the priorities and you protect it. To be polite, I
> > believe the 4 line blurb above, about client side filtering is
> > B.S. It is your box, it is your job to protect your box.  Do not
> > trust anyone else to protect your box, whether it is security
> > related or related to repos for packages.
>
> So, if it is indeed B.S. may I entitle you officer of resolving
> phantom bugs that emerge out of this? Imagine package foo requiring
> bar and both packages falling into the wrong client side filtering ...
> Or google for partial and/or selective filtering of repos.
>
> At any rate this is moot for CentOS5 anyway as the repo is indeed
> (trying to) keep the base w/o any replacements, so you will never
> trigger these filtering features^Wbugs. But once you start using the
> full repo *and* filtering, all bug reports go Cc: to Lanny :)
> --
> Axel.Thimm at ATrpms.net
>

Axel: Wasn't there a  very long thread in this list, several months ago,
about EPEL and the problems that would cause, since they do not want to
include data that the other repositories include with their package
information? There would be a lot of conflicts.

My belief is that priorities works well on CentOS (I see about 300 packages
excluded, when I use yum to update  on my desktops) and that not to use
priorities is asking for trouble, if one has 3rd party repositories enabled.
The goal is to keep the boxes up to date and not to get them clobbered, by
something from a  repository with a lower priority. That is very sound,
IMHO. No need to CC me. Lanny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20080708/048ea4d5/attachment.htm


More information about the CentOS mailing list