Johnny Hughes wrote on Sun, 07 May 2006 16:13:47 -0500: I read man yum and came to the conclusion that it is not a problem between update and check-update. These *can* be different. check-update doesn't do dependency processing. It also mentions that the difference between update and upgrade is --obsoletes, but I don't see a difference in output at the moment. > Because ... that is a second set of calculations > > In the first set of calculations, all the packages where the names match > up are done .. hmmm, a new package named clamav-db is needed (and there > is nothing protected to prevent that). In a second set of > calculations ... clamav-db obsoletes something else. So, what protectbase does is calculate a merged list of the repos and if any package is on that list any updates from unprotected repos for it will be ignored. However, then clamav-update gets processed and checked for dependencies and that reveals the obsoleting package clamav-db (but how? see below). That's not on the list, so it gets installed. That's then at least a shortcoming of the way that protectbase works. Nevertheless, it's not really clear to me how the clamav-db package comes into play. When dependencies are checked it should just check what's in the spec file of the clamav-update package. But additionally it seems to query all repos for packages updating/obsoleting this update? > If you try to install it doesn't do it I didn't try that. I thought I can rely on what update tells me before the update. .. NOW ... if the names were > the > same (with or without the obsoletes) this would not happen. I agree. But this means that any repo can even overwrite the base repo just because it obsoletes some package that is named the same as in the base repo. This shouldn't be able to happen if I take "protectbase" literally. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com