On Mon, Dec 31, 2007 at 07:37:34AM -0600, Johnny Hughes wrote:
We are working on a yum-3.2.8 version for CentOS-5 as well, as there is a major bug in the 3.0.x branch that causes problems with file paths used with file dependency calculations. However, just like we don't roll newer KDE changes back into CentOS-4 and CentOS-3, we will probably not upgrade the yum in centos-4 or centos-3 to yum-3.2.8.
I wouldn't compare yum to kde/gnome/glibc. The same reasoning behind upgrading from 3.0.x to 3.2.x can be used for 2.0.x. In fact the diffs between 3.0.x to 3.2 are IMHO larger than 2 to 3.
And RHEL4/3 didn't ship any yum at all, so you have larger degrees of freedom in CentOS than in CentOS5, where there is a yum 3.0.x shipped by the vendor and according to "clone-the-bugs-as-well" one has to keep the pure CentOS5 parts to 3.0.1. :/
The problem is that the new versions of yum require new versions of python ... and python is not something that we recommend updating .. EVER :)
Of course. :)
That means that either we have to change the newer yum versions to work with the older python or create newer a python to use in conjunction with the older python on older versions of CentOS.
Yes, for example a while back (actually 2 years ago) I had to create python24 to allow smart support in RHEL3 and RHEL4 as well as FC5 at that time (or maybe FC4, can't remember exactly). Later smart relaxed the python requirements and I could mostly use the system python (but an interesting lesson was that people were using python24 for several other things as well). Same is true for yum/apt and their dependencies, be that python or libxml etc. One can always find a way to sideinstall these dependencies w/o breaking the vendor's packages.
In general for infrastructural bits like yum/apt/smart I would follow a different policy than never-update-always-backport, especially when they are not part of the cloned master. Many yum security issues are not even raised from old releases as they valnish too quickly, so at the end CentOS has a copy of yum that upstream doesn't support and needs to code review itself and also try to backport important security and bug fixes sometimes into code that looks like from a different project.
But we have thousands of CentOS-3 users who are perfectly happy with the old yum 2.0.8 and it works for them, so we did not put the yum upgrade for CentOS-3 into base, but into centosplus.
Well, I dare to assert that for every thousand users happy with yum 2.0.x you will find 2000 users that are unhappy with it ;)