Bad quality of updates from SuSE ftp server

older
Re: [suse-security] Bad quality of...

Hubertus Haniel

24 Aug 2004 24 Aug '04

21:11

On the FTP server is a mkinitrd-1.0-219.i586.rpm which actually contains mkinitrd-1.0-221 so to fix the nice graphical boot screen which was broken with mkinitrd-1.0-219 one has to remove the currently installed mkinitrd-1.0-219 and install it again from the FTP server to perform the update. Yesterday Yast tried to do the right thing as instructed by patches/mkinitrd-51598 but failed as it was looking for mkinitrd-1.0-221.i586.rpm which did not exist. Today this patch was marked as obsolete. The spamassassin update published today for 8.2 contains only spamassassin but no update for perl-spamassassin so I had to rebuild the source rpm to get both. I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie. Best regards Hubba

Show replies by date

Hubertus Haniel

24 Aug 24 Aug

21:27

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Tue, 24 Aug 2004, Hubertus Haniel wrote:

...

Date: Tue, 24 Aug 2004 22:11:24 +0100 (BST) From: Hubertus Haniel To: suse-security@suse.com Subject: [suse-security] Bad quality of updates from SuSE ftp server

On the FTP server is a mkinitrd-1.0-219.i586.rpm which actually contains mkinitrd-1.0-221 so to fix the nice graphical boot screen which was broken with mkinitrd-1.0-219 one has to remove the currently installed mkinitrd-1.0-219 and install it again from the FTP server to perform the update.

Yesterday Yast tried to do the right thing as instructed by patches/mkinitrd-51598 but failed as it was looking for mkinitrd-1.0-221.i586.rpm which did not exist. Today this patch was marked as obsolete.

Forgot to mention that this was on SuSE 9.0

...

The spamassassin update published today for 8.2 contains only spamassassin but no update for perl-spamassassin so I had to rebuild the source rpm to get both.

I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie.

Best regards Hubba

Olivier Mueller

25 Aug 25 Aug

08:10

New subject: [suse-security] Bad quality of updates from SuSE ftp server [megaraid]

On Tue, 2004

...

I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie.

same felling here :( Current problem (since this morning): a "vanilla" suse 9.1 on a poweredge 600 SC with MegaRAID (PERC) was working fine. After YOU update (kernel, inkl. mk_initrd etc.), it can't boot anymore: megaraid module seems to have problems (waiting for device to come, etc. and then nothing). Had to boot from 9.1 install CD and reinstall "orginal" kernel by hand to be able to work again with that server: that's not really serious :( Ok, suse cannot test all modules on kernel updates, but why should a kernel security update break scsi/raid modules!? Lost again a few hours because of this kind of problems :( regards, Olivier

Sven Schollmeyer

08:50

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Am few weeks ago i got the same problem on an standard suse 8.1 I've updatet it over you and reboot. The machine didn't come back. I had an hour of work to reanimate it. Yesterday on an suse 9.1 (strato standard) i made an online update, On several rpm's you sad me that the signature of the rpm's are bad. Am 24.08.2004 23:11 Uhr schrieb "Hubertus Haniel" unter :

...

On the FTP server is a mkinitrd-1.0-219.i586.rpm which actually contains mkinitrd-1.0-221 so to fix the nice graphical boot screen which was broken with mkinitrd-1.0-219 one has to remove the currently installed mkinitrd-1.0-219 and install it again from the FTP server to perform the update.

Yesterday Yast tried to do the right thing as instructed by patches/mkinitrd-51598 but failed as it was looking for mkinitrd-1.0-221.i586.rpm which did not exist. Today this patch was marked as obsolete.

The spamassassin update published today for 8.2 contains only spamassassin but no update for perl-spamassassin so I had to rebuild the source rpm to get both.

I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie.

Best regards Hubba

Robert Schiele

09:03

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, Aug 25, 2004 at 10:50:28AM +0200, Sven Schollmeyer wrote:

...

Yesterday on an suse 9.1 (strato standard) i made an online update, On several rpm's you sad me that the signature of the rpm's are bad.

This might be related to defective memory as well. It is quite typical for rpm to find invalid signatures on sane packages in such situations. Robert -- Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de

suse＠rio.vg

14:08

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Quoting Hubertus Haniel :

...

I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie.

I've noticed this, too. From tripwire not even being tested if it could run without segfaulting, to the ongoing kernel issues, it's reached the point where I don't have enough faith in SuSE to automatically install security patches. For two years, when I ran RedHat, I had a machine that would download and install patches from them without me having to even bother thinking about it. Since RedHat told all small businesses to take a flying leap, I moved to SuSE, and even just in this time the quality of the updates has sunk dramatically. I really like SuSE's layout and distro, but if these security updates continue to be released in such a slipshod manner, I doubt I'll be able to justify continued use to my boss. He'd already rather we move to Debian so that he doesn't have to pay at all...

Marcus Meissner

14:16

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, Aug 25, 2004 at 10:08:45AM -0400, suse@rio.vg wrote:

...

Quoting Hubertus Haniel :

...
I don't know about everybody else but I personally find the standard of SuSE updates has dropped since Novell have got the fingers in the pie.

I've noticed this, too. From tripwire not even being tested if it could run without segfaulting, to the ongoing kernel issues, it's reached the point where I don't have enough faith in SuSE to automatically install security patches. For two years, when I ran RedHat, I had a machine that would download and install patches from them without me having to even bother thinking about it. Since RedHat told all small businesses to take a flying leap, I moved to SuSE, and even just in this time the quality of the updates has sunk dramatically.

I really like SuSE's layout and distro, but if these security updates continue to be released in such a slipshod manner, I doubt I'll be able to justify continued use to my boss. He'd already rather we move to Debian so that he doesn't have to pay at all...

We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance. We have been and will be constantly improving our processes to avoid such mistakes in the future and are committed to provide the best service possible. Ciao, Marcus

suse＠rio.vg

14:45

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Quoting Marcus Meissner :

...

We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance.

We have been and will be constantly improving our processes to avoid such mistakes in the future and are committed to provide the best service possible.

Now I'm *REALLY* annoyed. This is suse-security, not your press release forum. This sort of market-speak drivel only makes you look incompetent. Save the "constantly improving our processes" and "commited to provide the best service" for the suits. We're sysadmins here. We want results. If you want us to cut you some slack, give us real information. Most of us are really laid back people. Talk to us like professionals and we'll give you every chance. Just don't give us marketing drivel.

Marcus Meissner

14:50

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, Aug 25, 2004 at 10:45:25AM -0400, suse@rio.vg wrote:

...

Quoting Marcus Meissner :

...
We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance.

We have been and will be constantly improving our processes to avoid such mistakes in the future and are committed to provide the best service possible.

Now I'm *REALLY* annoyed. This is suse-security, not your press release forum. This sort of market-speak drivel only makes you look incompetent. Save the "constantly improving our processes" and "commited to provide the best service" for the suits.

We're sysadmins here. We want results. If you want us to cut you some slack, give us real information. Most of us are really laid back people. Talk to us like professionals and we'll give you every chance. Just don't give us marketing drivel.

Ok, translated I want to say: "Yes, we fucked up. We try harder not to fuck up in the future." :) is this satisfyingly techy enough ? :) Fixed spamassassin updates are going out as I am writing this mail. Ciao, Marcus

suse＠rio.vg

15:05

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Quoting Marcus Meissner :

...

Ok, translated I want to say:

"Yes, we fucked up. We try harder not to fuck up in the future." :)

is this satisfyingly techy enough ? :)

Fixed spamassassin updates are going out as I am writing this mail.

*MUCH* better! Speak to us like human beings and we'll be on your side every time...

Olivier Mueller

15:09

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, 2004-08-25 at 16:50 +0200, Marcus Meissner wrote:

...

Ok, translated I want to say: "Yes, we fucked up. We try harder not to fuck up in the future." :) is this satisfyingly techy enough ? :)

voila, finally! :) and for my "little" problem (retail suse 9.1 working fine on a dell PE 600SC with megaraid (perC), updated suse 9.1 not working anymore), do you have an idea, or should I just stick to the "unsafe" kernel? It's currently on a devel server with no external contact, but it's supposed to go live in a few weeks, so then it should have a safe kernel... If I can help in any way... ? regards, Olivier

Ralf Ronneburger

15:28

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Hi, to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the old kernel and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk. Greetings, Ralf

Mike Rose

15:39

New subject: [suse-security] Bad quality of updates from SuSE ftp server

When using: rpm -ivh kernel-whatever.rpm you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default If you are using grub then a simple bit of editing of /boot/grub/menu.lst something like this: " # color white/blue black/light-gray default 0 timeout 10 title Linux kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/ dev/hda2 showopts initrd (hd0,0)/boot/initrd title Previous Kernel kernel (hd0,0)/boot/vmlinuz.previous root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/dev/hda2 showopts initrd (hd0,0)/boot/initrd.previous title No ACPI, APM, DMA or resume kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 showopts ide=nodma apm=off acpi=off vga=normal no resume nosmp noapic maxcpus=0 3 initrd (hd0,0)/boot/initrd " and you now have the previous kernel available. Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/ On Wed, 25 Aug 2004, Ralf Ronneburger wrote:

...

Hi,

to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the old kernel and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk.

Greetings,

Ralf

Sanz family

15:59

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Mike, I just installed the newest kernel in my SuSE professional 8.0 so, I tried to see if the last kernel was there... These are the results: Superman:~ # uname -a Linux Superman 2.4.21-231-default #1 Mon Jun 28 15:39:34 UTC 2004 i686 i686 i386 GNU/Linux Superman:~ # cd /boot Superman:/boot # ls -lart total 3744 -rw-r--r-- 1 root root 80324 Sep 23 2003 memtest.bin -rw-r--r-- 1 root root 64824 Sep 23 2003 message lrwxrwxrwx 1 root root 1 Apr 8 07:11 boot -> . drwxr-xr-x 2 root root 496 Apr 8 07:22 grub -rw-r--r-- 1 root root 512 Apr 8 07:22 backup_mbr drwxr-xr-x 23 root root 560 Jul 21 11:30 .. -rw-r--r-- 1 root root 52328 Aug 12 10:21 config-2.4.21-243-default -rw-r--r-- 1 root root 134396 Aug 12 10:22 Kerntypes-2.4.21-243-default -rw-r--r-- 1 root root 630824 Aug 12 10:26 System.map-2.4.21-243-default -rw-r--r-- 1 root root 1187139 Aug 12 10:26 vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 1411413 Aug 12 11:02 vmlinux-2.4.21-243-default.gz lrwxrwxrwx 1 root root 26 Aug 18 14:09 vmlinuz -> vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 250592 Aug 18 14:09 initrd-2.4.21-243-default lrwxrwxrwx 1 root root 25 Aug 18 14:09 initrd -> initrd-2.4.21-243-default drwxr-xr-x 3 root root 520 Aug 18 14:09 . Superman:/boot # rpm -qa | grep -i kernel kernel-source-2.4.21-243 kernel-docs-2.4.21-99 It seems to me as if the last kernel upgrade (2.4.21-243) successfully uninstalled the kernel version I am currently running (2.4.21-231). Notice that since all the notices about problems with the new kernel, I have not rebooted yet... Am I missing something? Best regards, Erick Sanz

...

-----Original Message----- From: Mike Rose [mailto:mr349@cam.ac.uk] Sent: Wednesday, August 25, 2004 10:40 AM To: Ralf Ronneburger Cc: suse-security@suse.com Subject: Re: [suse-security] Bad quality of updates from SuSE ftp server

When using: rpm -ivh kernel-whatever.rpm

you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default

If you are using grub then a simple bit of editing of /boot/grub/menu.lst something like this: " # color white/blue black/light-gray default 0 timeout 10

title Linux kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/ dev/hda2 showopts initrd (hd0,0)/boot/initrd

title Previous Kernel kernel (hd0,0)/boot/vmlinuz.previous root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/dev/hda2 showopts initrd (hd0,0)/boot/initrd.previous

title No ACPI, APM, DMA or resume kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 showopts ide=nodma apm=off acpi=off vga=normal no resume nosmp noapic maxcpus=0 3 initrd (hd0,0)/boot/initrd "

and you now have the previous kernel available.

Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/

On Wed, 25 Aug 2004, Ralf Ronneburger wrote:

...
Hi,

to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the old kernel and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk.

Greetings,

Ralf

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Mike Rose

16:01

New subject: [suse-security] Bad quality of updates from SuSE ftp server

I'm using Suse9.1, so maybe things have changed?? How did you install your new kernel?? Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/ On Wed, 25 Aug 2004, Sanz family wrote:

...

Mike,

I just installed the newest kernel in my SuSE professional 8.0 so, I tried to see if the last kernel was there...

These are the results:

Superman:~ # uname -a Linux Superman 2.4.21-231-default #1 Mon Jun 28 15:39:34 UTC 2004 i686 i686 i386 GNU/Linux Superman:~ # cd /boot Superman:/boot # ls -lart total 3744 -rw-r--r-- 1 root root 80324 Sep 23 2003 memtest.bin -rw-r--r-- 1 root root 64824 Sep 23 2003 message lrwxrwxrwx 1 root root 1 Apr 8 07:11 boot -> . drwxr-xr-x 2 root root 496 Apr 8 07:22 grub -rw-r--r-- 1 root root 512 Apr 8 07:22 backup_mbr drwxr-xr-x 23 root root 560 Jul 21 11:30 .. -rw-r--r-- 1 root root 52328 Aug 12 10:21 config-2.4.21-243-default -rw-r--r-- 1 root root 134396 Aug 12 10:22 Kerntypes-2.4.21-243-default -rw-r--r-- 1 root root 630824 Aug 12 10:26 System.map-2.4.21-243-default -rw-r--r-- 1 root root 1187139 Aug 12 10:26 vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 1411413 Aug 12 11:02 vmlinux-2.4.21-243-default.gz lrwxrwxrwx 1 root root 26 Aug 18 14:09 vmlinuz -> vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 250592 Aug 18 14:09 initrd-2.4.21-243-default lrwxrwxrwx 1 root root 25 Aug 18 14:09 initrd -> initrd-2.4.21-243-default drwxr-xr-x 3 root root 520 Aug 18 14:09 . Superman:/boot # rpm -qa | grep -i kernel kernel-source-2.4.21-243 kernel-docs-2.4.21-99

It seems to me as if the last kernel upgrade (2.4.21-243) successfully uninstalled the kernel version I am currently running (2.4.21-231).

Notice that since all the notices about problems with the new kernel, I have not rebooted yet...

Am I missing something?

Best regards, Erick Sanz

...
-----Original Message----- From: Mike Rose [mailto:mr349@cam.ac.uk] Sent: Wednesday, August 25, 2004 10:40 AM To: Ralf Ronneburger Cc: suse-security@suse.com Subject: Re: [suse-security] Bad quality of updates from SuSE ftp server

When using: rpm -ivh kernel-whatever.rpm

you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default

If you are using grub then a simple bit of editing of /boot/grub/menu.lst something like this: " # color white/blue black/light-gray default 0 timeout 10

title Linux kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/ dev/hda2 showopts initrd (hd0,0)/boot/initrd

title Previous Kernel kernel (hd0,0)/boot/vmlinuz.previous root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/dev/hda2 showopts initrd (hd0,0)/boot/initrd.previous

title No ACPI, APM, DMA or resume kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 showopts ide=nodma apm=off acpi=off vga=normal no resume nosmp noapic maxcpus=0 3 initrd (hd0,0)/boot/initrd "

and you now have the previous kernel available.

Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/

On Wed, 25 Aug 2004, Ralf Ronneburger wrote:

...
Hi,

to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the old kernel and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk.

Greetings,

Ralf

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Sanz family

18:35

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Mike, I installed via YaST... It sounds like I should download and install by hand... Is that correct? Best regards, Erick Sanz

...

-----Original Message----- From: Mike Rose [mailto:mr349@cam.ac.uk] Sent: Wednesday, August 25, 2004 11:02 AM To: Sanz family Cc: Ralf Ronneburger; suse-security@suse.com Subject: RE: [suse-security] Bad quality of updates from SuSE ftp server

I'm using Suse9.1, so maybe things have changed??

How did you install your new kernel??

Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/

On Wed, 25 Aug 2004, Sanz family wrote:

...
Mike,

I just installed the newest kernel in my SuSE professional 8.0 so, I tried to see if the last kernel was there...

These are the results:

Superman:~ # uname -a Linux Superman 2.4.21-231-default #1 Mon Jun 28 15:39:34 UTC

...
i386 GNU/Linux Superman:~ # cd /boot Superman:/boot # ls -lart total 3744 -rw-r--r-- 1 root root 80324 Sep 23 2003 memtest.bin -rw-r--r-- 1 root root 64824 Sep 23 2003 message lrwxrwxrwx 1 root root 1 Apr 8 07:11 boot -> . drwxr-xr-x 2 root root 496 Apr 8 07:22 grub -rw-r--r-- 1 root root 512 Apr 8 07:22 backup_mbr drwxr-xr-x 23 root root 560 Jul 21 11:30 .. -rw-r--r-- 1 root root 52328 Aug 12 10:21 config-2.4.21-243-default -rw-r--r-- 1 root root 134396 Aug 12 10:22 Kerntypes-2.4.21-243-default -rw-r--r-- 1 root root 630824 Aug 12 10:26 System.map-2.4.21-243-default -rw-r--r-- 1 root root 1187139 Aug 12 10:26 vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 1411413 Aug 12 11:02 vmlinux-2.4.21-243-default.gz lrwxrwxrwx 1 root root 26 Aug 18 14:09 vmlinuz -> vmlinuz-2.4.21-243-default -rw-r--r-- 1 root root 250592 Aug 18 14:09 initrd-2.4.21-243-default lrwxrwxrwx 1 root root 25 Aug 18 14:09 initrd -> initrd-2.4.21-243-default drwxr-xr-x 3 root root 520 Aug 18 14:09 . Superman:/boot # rpm -qa | grep -i kernel kernel-source-2.4.21-243 kernel-docs-2.4.21-99

It seems to me as if the last kernel upgrade (2.4.21-243) successfully uninstalled the kernel version I am currently running (2.4.21-231).

Notice that since all the notices about problems with the new kernel, I have not rebooted yet...

Am I missing something?

Best regards, Erick Sanz

...
-----Original Message----- From: Mike Rose [mailto:mr349@cam.ac.uk] Sent: Wednesday, August 25, 2004 10:40 AM To: Ralf Ronneburger Cc: suse-security@suse.com Subject: Re: [suse-security] Bad quality of updates from SuSE ftp server

When using: rpm -ivh kernel-whatever.rpm

you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default

If you are using grub then a simple bit of editing of /boot/grub/menu.lst something like this: " # color white/blue black/light-gray default 0 timeout 10

title Linux kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/ dev/hda2 showopts initrd (hd0,0)/boot/initrd

title Previous Kernel kernel (hd0,0)/boot/vmlinuz.previous root=/dev/hda1 vga=0x317 splash=silent acpi=off desktop resume=/dev/hda2 showopts initrd (hd0,0)/boot/initrd.previous

title No ACPI, APM, DMA or resume kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 showopts ide=nodma apm=off acpi=off vga=normal no resume nosmp noapic maxcpus=0 3 initrd (hd0,0)/boot/initrd "

and you now have the previous kernel available.

Mike Rose TCM & Biological Physics Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/

On Wed, 25 Aug 2004, Ralf Ronneburger wrote:

...
Hi,

to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the

2004 i686 i686 old kernel

...
...
...
and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk.

Greetings,

Ralf

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Marcus Meissner

16:05

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, Aug 25, 2004 at 10:59:50AM -0500, Sanz family wrote:

...

Mike,

I just installed the newest kernel in my SuSE professional 8.0 so, I tried to see if the last kernel was there...

These are the results:

Superman:/boot # rpm -qa | grep -i kernel kernel-source-2.4.21-243 kernel-docs-2.4.21-99

rpm -qa|grep k_ shows the current kernel in suse versions before 9.1. k_default or similar will be the kernel. Ciao, Marcus

Mathias Homann

16:08

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...

When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

...

you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default

because I installed the latest kernel updates by you and i dont have any .previous files in /boot. bye, MH

Mike Rose

16:19

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wed, 25 Aug 2004, Mathias Homann wrote:

...

Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...
When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

dunno, I certainly only install new kernels manually

...

...
you get: ls -l /boot/*previous* lrwxrwxrwx 1 root root 27 Aug 5 09:59 /boot/initrd.previous -> ./initrd-2.6.5-7.75-default lrwxrwxrwx 1 root root 28 Aug 5 09:59 /boot/vmlinuz.previous -> ./vmlinuz-2.6.5-7.75-default

because I installed the latest kernel updates by you and i dont have any .previous files in /boot.

bye, MH

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

suse＠rio.vg

19:49

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Quoting Mathias Homann :

...

Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...
When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

I believe the difference lies in: rpm -ivh kernel-foo.i586.rpm and rpm -Uvh kernel-foo.i586.rpm YaST/YOU/fou4s all use the "upgrade" path. The "install" path moves the old kernel to "previous", unless I'm mistaken. Perhaps this is a perfect thing for the SuSE guys to change in YaST/YOU: Make kernel upgrade use the "install" type path, or perhaps find some way to give the option? Maybe just make a note about it in the install patch messages to give the user an informed option to quit out of YOU and type it in manually? The "install" path is great for the vast majority of systems today, but can cause problems on smaller systems, as our wonderful linux kernel weighs in at nearly 65 megabytes, and the corresponding sources at 243mb. My laptop wouldn't like to keep too many copies of that size lying about...

Philippe Vogel

20:22

New subject: [suse-security] Bad quality of updates from SuSE ftp server

suse@rio.vg wrote:

...

Quoting Mathias Homann :

...
Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...
When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

I believe the difference lies in:

rpm -ivh kernel-foo.i586.rpm

and

rpm -Uvh kernel-foo.i586.rpm

YaST/YOU/fou4s all use the "upgrade" path. The "install" path moves the old kernel to "previous", unless I'm mistaken.

Perhaps this is a perfect thing for the SuSE guys to change in YaST/YOU: Make kernel upgrade use the "install" type path, or perhaps find some way to give the option? Maybe just make a note about it in the install patch messages to give the user an informed option to quit out of YOU and type it in manually?

The "install" path is great for the vast majority of systems today, but can cause problems on smaller systems, as our wonderful linux kernel weighs in at nearly 65 megabytes, and the corresponding sources at 243mb. My laptop wouldn't like to keep too many copies of that size lying about...

I had same things as well. Even once I had to rebuild rpm database because of a corrupted rpm-database file during a broken update via YOU. Since I don't read any mails from Roman Drathmüller there lays the problem. While he mentained the list there where some smaller problems but not this dau looking updatepolicy since the last months. If you not try to fix this I will swith to some better mentained distributions (gentoo or debian which have longer uptimes than SuSE ever had). Afaik a lot more investigation is needed before giving an update to the public that doesn't seem work at all. What I don't do the last times is to use automated YOU instead I chose the updates I want to install - especially on kernel and other important updates. With this policy you make yourself a bad name in the community and don't lose it until you think over to change this bad policy. Even for novell it can't be a good thing to lose customers (even if they think only corporate customers are the right customers, but with linux you can't think like this because it is a community driven OS!). Best reguards Philippe

Philippe Vogel

20:25

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Philippe Vogel wrote:

...

suse@rio.vg wrote:

...
Quoting Mathias Homann :

...
Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...
When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

I believe the difference lies in:

rpm -ivh kernel-foo.i586.rpm

and

rpm -Uvh kernel-foo.i586.rpm

YaST/YOU/fou4s all use the "upgrade" path. The "install" path moves the old kernel to "previous", unless I'm mistaken.

Perhaps this is a perfect thing for the SuSE guys to change in YaST/YOU: Make kernel upgrade use the "install" type path, or perhaps find some way to give the option? Maybe just make a note about it in the install patch messages to give the user an informed option to quit out of YOU and type it in manually?

The "install" path is great for the vast majority of systems today, but can cause problems on smaller systems, as our wonderful linux kernel weighs in at nearly 65 megabytes, and the corresponding sources at 243mb. My laptop wouldn't like to keep too many copies of that size lying about...

I had same things as well. Even once I had to rebuild rpm database because of a corrupted rpm-database file during a broken update via YOU.

Since I don't read any mails from Roman Drathmüller there lays the problem. While he mentained the list there where some smaller problems but not this dau looking updatepolicy since the last months.

If you not try to fix this I will swith to some better mentained distributions (gentoo or debian which have longer uptimes than SuSE ever had). Afaik a lot more investigation is needed before giving an update to the public that doesn't seem work at all.

What I don't do the last times is to use automated YOU instead I chose the updates I want to install - especially on kernel and other important updates.

With this policy you make yourself a bad name in the community and don't lose it until you think over to change this bad policy. Even for novell it can't be a good thing to lose customers (even if they think only corporate customers are the right customers, but with linux you can't think like this because it is a community driven OS!).

Best reguards

Philippe

P.S.: Until this issues aren't fixed I a) don't use You or b) use different self compiled software which in fact works better and more reliable (look at gentoo!).

Mike Rose

26 Aug 26 Aug

09:36

New subject: [suse-security] Bad quality of updates from SuSE ftp server

I agree. User configurable options for yast and YOU to specify install or upgrade for at least kernel rpms would be nice. Could be an option for the installer when a user chooses the auto updates bit - they they choose install or uprade for kernel, with a wee bit of explanation to give them a clue what the difference is. Mike. On Wed, 25 Aug 2004 suse@rio.vg wrote:

...

Quoting Mathias Homann :

...
Am Mittwoch, 25. August 2004 17:39 schrieb Mike Rose:

...
When using: rpm -ivh kernel-whatever.rpm

but obviously thats not the way YOU installs a kernel update.

I believe the difference lies in:

rpm -ivh kernel-foo.i586.rpm

and

rpm -Uvh kernel-foo.i586.rpm

YaST/YOU/fou4s all use the "upgrade" path. The "install" path moves the old kernel to "previous", unless I'm mistaken.

Perhaps this is a perfect thing for the SuSE guys to change in YaST/YOU: Make kernel upgrade use the "install" type path, or perhaps find some way to give the option? Maybe just make a note about it in the install patch messages to give the user an informed option to quit out of YOU and type it in manually?

The "install" path is great for the vast majority of systems today, but can cause problems on smaller systems, as our wonderful linux kernel weighs in at nearly 65 megabytes, and the corresponding sources at 243mb. My laptop wouldn't like to keep too many copies of that size lying about...

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Ludwig Nussel

10:38

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Mike Rose wrote:

...

I agree. User configurable options for yast and YOU to specify install or upgrade for at least kernel rpms would be nice. Could be an option for the installer when a user chooses the auto updates bit - they they choose install or uprade for kernel, with a wee bit of explanation to give them a clue what the difference is.

YaST cannot handle multiple installed RPMs of the same name, it only sees the most recent one. That probably won't change anytime soon. If you don't want YOU to automatically update the kernel just set the patch (not the package!) to 'taboo'. YOU preserves the list of taboo patches between runs by storing it in /var/lib/YaST2/you/settings. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX AG, Development V_/_ http://www.suse.de/

maarten van den Berg

25 Aug 25 Aug

21:05

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Wednesday 25 August 2004 17:28, Ralf Ronneburger wrote:

...

Hi,

to add my 2 cents to the discussion about bad update-quality - I'm also not satisfied the way it works in the last months. And as it is a fact, that there where many problems especially with kernel-updates in the last time it'd be a good idea for suse to not uninstall the old kernel and delete it's config but to add the new kernel as default and leave the old one as fallback on the system. It's not that we can't help ourselfs if spamassasin or tripwire are broken, but updating a kernel on a remote SuSE-system these days requires some delight in risk.

Ralf ! Thank you !!!!! This has been on my "wanted" list too but I never did speak up about it. I've had so many occasions where I (or hardware, or SuSE...) fscked up and left me with an unbootable, headless, CDrom & floppyless machine. :-( I try to take due diligence myself by manually installing kernels with rpm -i instead of rpm -U but even if I don't forget that, one has to adjust a lot of things in /boot/ and lilo.conf to get a real working fallback kernel. The last case I remember was a kernel upgrade that swapped my onboard SATA and ATA drive order, so it couldn't boot anymore. Little things, lotta hassles... Maarten

...

Greetings,

Ralf

-- When I answered where I wanted to go today, they just hung up -- Unknown

Ralf Ronneburger

15:33

New subject: Problems with PERC and updated 9.1 kernel (was: Re: [suse-security] Bad quality of updates from SuSE ftp server)

Hi Oliver, Olivier Mueller wrote:

...

and for my "little" problem (retail suse 9.1 working fine on a dell PE

600SC with megaraid (perC), updated suse 9.1 not working anymore), do you have an idea, or should I just stick to the "unsafe" kernel?

what type of PERC-Raid-controller do you have? I have 2 production-systems with SuSE 9.0 and 9.1, too, so I'd be interested if I should keep my hands off that update or if I could give it a try. Did anybody get the new 9.1 kernel running on a PERC-controller? Greetings, Ralf

John Andersen

26 Aug 26 Aug

07:19

New subject: [suse-security] SpamAssassin, was: Bad quality of updates from SuSE ftp server

On Wednesday 25 August 2004 06:50 am, Marcus Meissner wrote:

...

...
We're sysadmins here. We want results. If you want us to cut you some slack, give us real information. Most of us are really laid back people. Talk to us like professionals and we'll give you every chance. Just don't give us marketing drivel.

Sysadmins would be installing spamassassin with cpan, rather than waiting for SuSE to apply the patches and create a RPM. Cpan is just as EASY, if not easier... and its going to have the fix DAYS ahead of SuSE. From the Install file: Installing or Upgrading SpamAssassin ------------------------------------ The easiest way to do this is using CPAN.pm, like so: perl -MCPAN -e shell [as root] o conf prerequisites_policy ask install Mail::SpamAssassin quit -- _____________________________________ John Andersen

list＠nolog.org

08:09

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Marcus Meissner wrote:

...

On Wed, Aug 25, 2004 at 10:45:25AM -0400, suse@rio.vg wrote:

...
Quoting Marcus Meissner :

...
We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance.

did I get you right: You said that just because there is that much to be done your QA is not able to do the job the way it should?

...

...
...
We have been and will be constantly improving our processes to avoid such mistakes in the future and are committed to provide the best service possible.

The interesting point for the public is: How will SuSE try to realise that? I thought you were already committed to provide the best service possible. Kick asses of the people in your QA? Or get more people working on the issues such that the work *can* handle the 'sheer mass' of updates? Review your processes again and again instead of working on the problem itself?

...

...
Now I'm *REALLY* annoyed. This is suse-security, not your press release forum.

Seems it *is* the press release forum.

...

...
This sort of market-speak drivel only makes you look incompetent.

Much more than that drivel, the bad quality doesn't only make SuSE *look* incompetent, it seems that they in fact are - at least the QA.

...

Ok, translated I want to say:

"Yes, we fucked up. We try harder not to fuck up in the future." :)

I will take this as an official statement from SuSE w.r.t the problems that arose. Thank you. And in the future, if things get worse, all we will hear is that SuSE is fucked up again. Sounds nice.

...

is this satisfyingly techy enough ? :)

It's what we all knew. *But:* No declaration of intent will substitute a working solution.

...

Fixed spamassassin updates are going out as I am writing this mail.

... GTi

John Andersen

08:21

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Thursday 26 August 2004 12:09 am, list@nolog.org wrote:

...

...
...
...
We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance.

did I get you right: You said that just because there is that much to be done your QA is not able to do the job the way it should?

Yes, I think that's exactly what he said. What's so hard to understand about that? Oh to be so over paid and under worked that the press of business never bothers you - you never fall behind, always ahead of the curve and have all code tested, triple checked, regression tested, integrated, and all in two days flat. Only Un-necessary employees always have spare time. -- _____________________________________ John Andersen

Bjorn Tore Sund

08:46

New subject: [suse-security] Bad quality of updates from SuSE ftp server

On Thu, 26 Aug 2004, John Andersen wrote:

...

On Thursday 26 August 2004 12:09 am, list@nolog.org wrote:

...
...
...
...
We are sorry for any inconvience caused. We try to have the best quality for security updates, but unfortunately due to sheer mass of updates sometimes mistakes slip through our Quality Assurance.

did I get you right: You said that just because there is that much to be done your QA is not able to do the job the way it should?

Yes, I think that's exactly what he said. What's so hard to understand about that?

Oh to be so over paid and under worked that the press of business never bothers you - you never fall behind, always ahead of the curve and have all code tested, triple checked, regression tested, integrated, and all in two days flat.

What he said. SuSE have apologised and grovelled. The wolves can take a break from their howling, all you're doing now is repeating what's been said before. And it's getting boring. SuSE made a couple of errors. It's not their first, it won't be their last, them being human and all. They'll have a look at what they did and try to do better. That's as good as can be expected and demanded. Bjørn -- Bjørn Tore Sund Phone: (+47) 555-84894 Stupidity is like a System administrator Fax: (+47) 555-89672 fractal; universal and Math. Department Mobile: (+47) 918 68075 infinitely repetitive. University of Bergen VIP: 81724 Support: system@mi.uib.no Contact: teknisk@mi.uib.no Direct: bjornts@mi.uib.no

Wolfgang Leithner

08:57

New subject: [suse-security] Bad quality of updates from SuSE ftp server

Hi folks, Am Donnerstag, 26. August 2004 10:46 schrieb Bjorn Tore Sund:

...

What he said. SuSE have apologised and grovelled. The wolves can take a break from their howling, all you're doing now is repeating what's been said before. And it's getting boring. ... I concur with Bjorn, lets get going and let SuSE off the hook. Most of the time they make our life a lot easier with all the work the do and doing it good.

After annoyance has passed we all do make errors, don't we? Nevertheless. dear SuSE people. please be more carefull in the future. Bye Wolfgang -- ----------------------------------------------------- Wolfgang Leithner Pinguin-Systeme.at Bereich Systeme und Security EMail: wolfgang.leithner@pinguin-systeme.at http://www.pinguin-systeme.at ----------------------------------------------------- GPG Key Fingerprint: 21FE FB64 BD83 8385 364A E927 BB2F F331 84FD 12A9 ----------------------------------------------------- Diese Nachricht wurde elektronisch erstellt und traegt daher weder Unterschrift noch Siegel This message was electronically created and therefore bears neither signature nor seal -----------------------------------------------------

Derek Fountain

08:43

New subject: [suse-security] Bad quality of updates from SuSE ftp server

...

...
...
This sort of market-speak drivel only makes you look incompetent.

Much more than that drivel, the bad quality doesn't only make SuSE *look* incompetent, it seems that they in fact are - at least the QA.

...
Ok, translated I want to say:

"Yes, we fucked up. We try harder not to fuck up in the future." :)

I will take this as an official statement from SuSE w.r.t the problems that arose. Thank you.

And in the future, if things get worse, all we will hear is that SuSE is fucked up again. Sounds nice.

For Christ's sake, stop bawling at the tech! It's not his fault. He explained the situation the professional way, then again the blunt way. Now he's getting on with his job as quickly as he can. If you want to spit your venom at someone, point it at the boss. The techs clearly need more resources - more people, faster machines, whatever - in order to cope with the issues they have to deal with. You increasing the pressure with your ranting isn't going to help.

7190

Age (days ago)

7192

Last active (days ago)

List overview

Download

31 comments

18 participants

participants (18)

Bjorn Tore Sund
Derek Fountain
Hubertus Haniel
John Andersen
list＠nolog.org
Ludwig Nussel
maarten van den Berg
Marcus Meissner
Mathias Homann
Mike Rose
Olivier Mueller
Philippe Vogel
Ralf Ronneburger
Robert Schiele
Sanz family
suse＠rio.vg
Sven Schollmeyer
Wolfgang Leithner