[Bug 239725] New: yast2 online_update: downgrade Firefox, install Thunderbird as security updates?
https://bugzilla.novell.com/show_bug.cgi?id=239725 Summary: yast2 online_update: downgrade Firefox, install Thunderbird as security updates? Product: openSUSE 10.2 Version: Final Platform: i386 OS/Version: SuSE Other Status: NEW Severity: Major Priority: P5 - None Component: Update Problems AssignedTo: hmuelle@novell.com ReportedBy: gp@novell.com QAContact: jsrain@novell.com CC: visnov@novell.com This is a system with Firefox 2.0 installed and no version of Thunderbird.
rpm -qa | gre> rpm -qa | grep Fire MozillaFirefox-2.0.0.1-0.1 MozillaFirefox-translations-2.0.0.1-0.1
Yet, yast2 online_update shows MozillaFirefox: Security update to 1.5.0.9 MozillaThunderbird: Security update to version 1.5.0.9 as available updates which would be a downgrade in case of Firefox and install Thunderbird to begin with. And as if this was not sufficiently confusing already, there are some strange checkmarks in front of these two updates, as well as the optional Microsoft TrueType Core Fonts. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 ------- Comment #1 from gp@novell.com 2007-01-28 16:51 MST ------- Created an attachment (id=115792) --> (https://bugzilla.novell.com/attachment.cgi?id=115792&action=view) Screenshot showing yast2 online_update This confuses the hell out of me. I wonder what it is going to do to a regular user? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 andreas.hanke@gmx-topmail.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andreas.hanke@gmx-topmail.de ------- Comment #2 from andreas.hanke@gmx-topmail.de 2007-01-28 17:10 MST ------- MozillaFirefox has a wrong patchinfo. This is bug 230762. Almost every Firefox patch has this bug. IMHO you should keep one of them open as a reminder to fix it next time. This time at least the verbose patch description is correct, but as you can see, it doesn't suffice. Please write "Security update to 1.5.0.9/2.0.0.1" into the one-line summary next time if you must use the same patchinfo for all distributions. The font patch is an optional patch. You don't have to install it, it is not selected for installation by default and on the screenshot it's clearly visible that it won't be installed because the checkbox is blank. However, there is a real bug that YOU shows this patch as having "all dependencies satisfied". This is bug 224401. I don't know why the MozillaThunderbird patch is displayed although it should not be needed. YaST2 logfiles might help. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 ------- Comment #3 from gp@novell.com 2007-01-28 17:21 MST ------- (In reply to comment #2)
MozillaFirefox has a wrong patchinfo. This is bug 230762.
Which is RESOLVED WONTFIX, unfortunately (so I didn't find it). IMnsHO we really *should* fix this. It is extremely confusing.
The font patch is an optional patch. You don't have to install it, it is not selected for installation by default and on the screenshot it's clearly visible that it won't be installed because the checkbox is blank.
The latter part I understood. The "all dependencies satisfied" checkmark, which is visiable, is however completely unintuitive. Is there already a bug on that, or should I file one? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 ------- Comment #4 from andreas.hanke@gmx-topmail.de 2007-01-28 17:33 MST ------- (In reply to comment #3)
The "all dependencies satisfied" checkmark, which is visiable, is however completely unintuitive. Is there already a bug on that
It depends. If it's about this specific case (the font patch), it's bug 224401. If it's the design in general, there is no report about it AFAIK. It is a conscious decision to show patches which have all dependencies satisfied, and mark the fact that the patch dependencies are satisfied this way because there is a technical difference between having a patch installed and having only its dependencies installed. In short: If you have all dependencies of a patch installed, you don't need the patch any more, but installing the patch enforces that the patch dependencies remain satisfied. Without installing the patch, the user could later break the patch again by downgrading packages. So far it makes sense, but opensuse-updater and zen-updater don't follow this logic. They don't show such patches at all, which makes the whole thing confusing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@novell.com ------- Comment #5 from meissner@novell.com 2007-01-29 02:31 MST ------- We will fix it with the next firefox update. And this was the first patch with wrong summary. I may have made the mistake in the summary too, but usually not. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 hmuelle@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hmuelle@novell.com Status|NEW |NEEDINFO Info Provider| |meissner@novell.com ------- Comment #6 from hmuelle@novell.com 2007-01-29 06:08 MST ------- Marcus would be so kind and provide the patch/zypp-id as well as our internal MD5sum? Maybe we could change the patch at least for all people having it not downloaded(cached) yet). I need to have a look at it first - no promises. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|meissner@novell.com | ------- Comment #7 from meissner@novell.com 2007-01-29 06:19 MST ------- 1dd388eaa628478f69bcecd3e22fbaf5 putonftpno 53136 zyppno 2418 I stronlgy recommand AGAINST editing the 10.2 patch tree directly. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 hmuelle@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|hmuelle@novell.com |meissner@novell.com ------- Comment #9 from hmuelle@novell.com 2007-01-29 06:35 MST ------- Looking at internal data: => SUMMARY: MozillaFirefox: Security update to 1.5.0.9 => SUMMARY_DE: MozillaFirefox: Sicherheitsupdate auf Version 1.5.0.9 => CATEGORY: security => DESCRIPTION: => This update brings MozillaFirefox to the security update release 1.5.0.9^M => (2.0.0.1 for openSUSE 10.2) and includes the following security fixes:^M We can't change it without breaking 9.3, 10.0, 10.1 which are using 1.x.x line. Manually editing 10.2 patch directly is no option like Marcus said. Handover to Marcus to fix issue with next update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=239725 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #10 from meissner@novell.com 2007-03-06 10:00 MST ------- i just used 2 seperate patchinfos now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com