[Bug 544524] New: Use unqiue keys / vendors per repository
http://bugzilla.novell.com/show_bug.cgi?id=544524 Summary: Use unqiue keys / vendors per repository Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: BuildService AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bitdealer@gmail.com QAContact: adrian@novell.com Found By: --- Please use unique keys for every single repository. The reasoning is that MLS closed bug 503276 because he maps the vendors to the signing keys (which make sense and is perfectly reasonable) but doesn't really help as long as there is more than one repository using the same key because then there is no way to enforce with zypp, being limited to "vendor stickiness", to get package X _only_ from repo Y and no other one. E.g. the whole KDE packages have "KDE" as vendor and everything bellow "devel:tools" uses the same vendor ("devel:tools") as well. So I could e.g. put a package in "devel:tools:ide" having a newer version than the one in "devel:tools" and there were _no_ way to prevent getting updated to that one instead of sticking with the one in "devel:tools". A nice example for this would be Subversion, which is, for some reason, in devel:tools:scm and devel:tools:scm:svn (and "Subversion" as well but that uses a different key). So, until zypp moves on to something more sophisticated than "vendor stickiness" (which I don't see happening anytime soon), like e.g. Smart's priority system for repositories _and_ packages, there's no way to say I want package X from repo Y and none other. Which then will probably cause major mayhem sooner or later. To put it short: As long as zypp sticks with vendor stickiness it is impossible to overcome this major issue and the easiest sollution currently is to use unique vendors / keys per repository which should be pretty easy to change. Please change that in time for 11.2 because waiting another 8 months isn't really feasible in production usage. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=544524
User bitdealer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c1
--- Comment #1 from Stephan Kleine
http://bugzilla.novell.com/show_bug.cgi?id=544524
zhu rensheng
http://bugzilla.novell.com/show_bug.cgi?id=544524
User adrian@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c2
Adrian Schröter
http://bugzilla.novell.com/show_bug.cgi?id=544524
Adrian Schröter
http://bugzilla.novell.com/show_bug.cgi?id=544524
User bitdealer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c3
Stephan Kleine
http://bugzilla.novell.com/show_bug.cgi?id=544524
User adrian@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c4
Adrian Schröter
http://bugzilla.novell.com/show_bug.cgi?id=544524
User bitdealer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c5
Stephan Kleine
we have the Vendor and the key domain bind together since some weeks. Means the vendor is set based on where the key comes from.
Right. That improves the situation compared to one vendor for all repositories but still is far from perfect cause of zypps retarded package handline that relies on vendors.
If you want to create bugs, than please assign them to the project owners.
The bug is, IMHO, the current configuration of OBS that uses the same key / vendor for more than one repository which then makes it impossible to say "I want package X from repo A but not from B" if A & B use the same key / vendor. Also, do you really think that filing bugs against most of the non home repos so their owners request an unique key makes more sense than simply switching some default config for newly created projects and then iterating over the project tree to change it for existing ones? I humbly dare to disagree. Last but not least I fail to see what your problem might be with using unique keys per repository? You have to accept it once per key (which costs like 2 seconds more time) but therefore you have the peace of mind that your package isn't switched to some random other repository that happens to use the same key in which another, newer, version might show up that you do NOT want to install. So, what problem do you see with using unique keys per repository? As in what prevents your from switching over from the current setup to unique keys to prevent zypps vendor stickiness from screwing one over? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=544524
User bitdealer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=544524#c6
Stephan Kleine
participants (1)
-
bugzilla_noreply@novell.com