[CentOS] What's wrong with yum-priorities?

Mon Nov 23 03:27:51 UTC 2009
R P Herrold <herrold at centos.org>

On Sun, 22 Nov 2009, Dennis Kibbe wrote:

> "The upstream maintainer of yum, Seth Vidal, had the following to say
> about 'yum priorities' in September 2009:
>
> Gosh, I hope people do not set up yum priorities. There are so many things
> about priorities that make me cringe all over. It could just be that it
> reminds me of apt 'pinning' and that makes me want to hurl."
>
> This note was placed on the wiki (PackageManagement/Yum?Priorities)
> without any explanation why yum-priorities isn't a good idea.

Hi, Dennis

That page is outlinked from the general discussion on 
Respositories, which runs through a discussion of 
'exclude' and 'includepkg' as earlier options to consider 
before these two non-stock install addons to yum that you 
mentioned.

The problem with priorities, and pinning generally, is that it 
cannot anticipate the growth of package dependencies, and 
tries to solve with a static rule, a shifting problem.  It may 
work to get what is initially wanted, but it is a durable 
solution, nor the right solution, because eventually, some 
combination of enhanced weighting will cause an unintended 
consequence, blocking some more important upgrade [a 
point version bump, or worse a security async update].

We see it a lot in the IRC channel with people who don't or 
won't read, and with the intermitent availability of some 
non-CentOS archives, and yet want the system to solve 
integrating encumbered sound driver codecs and extensions. 
They do, sometimes withthis approach, or forcing or much worse 
--nodeps, and later have the 'wheels come off' when some 
library dependency on a main archive is blocked by an upgrade 
path not anticipated or tested by the adjunct archive 
maintainer.

It is usually safe to drill in a binary package out at the 
leaf nodes from an external archive -- but these encumbered 
packages have a witches brew of libraries they need as well, 
and when upgrades on the main line are issued, one can end up 
with an unsolvable set of dependencies for the old, and 
requirements by the new.

'priorities' falls over and dies at that point from 
self-induced dependency hell, and CentOS is blamed for it in 
the back splatter.  I was the wiki article editor who 
initially added that caveat section, after seeing priorities 
being pushed as the 'best' alternative.

It is not.  It is more like Russian roulette without peeking 
at the state of the chamber, for your installation. The 
mentioned 'exclude' and 'includepkg' approach is more correct, 
but also requires reading the yum and rpm man pages, and 
gaining some understanding of dependencies.

-- Russ herrold