Hello, on Sunday, 10 August 2008, Bernhard Walle wrote:
* Christian Boltz <opensuse@cboltz.de> [2008-08-10 15:49]:
on Sunday, 10 August 2008, Bernhard Walle wrote:
All repos in the build service are actively developed and not frozen if a distribution is released. So, for example, I install 'blackbox' from the X11:windowmanagers repository. If that 'blackbox' package would be in openSUSE (directly), then I would not need to update the version just to get security fixes.
Valid point, but you make an assumption: There's someone who backports the security fixes to the version that was in $distribution_release. I'm afraid this will be the bottleneck here :-(
Well, it would be ok for me that if a security problem is encountered, that (and only that) package is updated to latest upstream version.
Basically this method sounds good and is more likely doable in practice than backporting fixes. (I just wonder about what would have happened if PHP4 would not have been in the distro and there would have been a "security update" to PHP5 ;-) Fortunately the difference between different versions is not that big in most packages.
However, so, I must, and if libxyz is also in that repository, I also get that new version which is probably buggy just because I run "zypper update -t package".
I guess this problem is solved by the vendor stickiness in 11.0 - unless the newer libxyz is needed by the package you want to install/update.
What is “vendor stickiness”, i.e. where can I configure that for a repo?
It should be active by default and means that YaST and zypper will ask before taking a package from a different vendor. Here's an example where you can see it in action:

# zypper search --details --match-exact ktorrent
Reading installed packages...

S | Name     | Type    | Version      | Arch | Repository
--+----------+---------+--------------+------+-------------------------
v | ktorrent | package | 3.1.2-0.pm.1 | i586 | Packman 11.0
i | ktorrent | package | 3.0.2-22.1   | i586 | Haupt-Repository (Open Source Software - OSS)

I have the package from 11.0 OSS repo installed, packman offers a newer one.

# zypper up -t package ktorrent
Reading installed packages...
Problem: cannot install both ktorrent-3.0.2-22.1.i586 and ktorrent-3.1.2-0.pm.1.i586
 Solution 1: install ktorrent-3.1.2-0.pm.1.i586 (with vendor change)
  SUSE LINUX Products GmbH, Nuernberg, Germany  -->  packman.links2linux.de
 Solution 2: do not ask to install a solvable providing ktorrent > 3.0.2-22.1

Choose from above solutions by number or cancel [1/2/C]:

Solution 1 would be a vendor change, solution 2 enforces the vendor stickiness (will result in "nothing to do" here).

Regards,

Christian Boltz
--
When you consider that 150 years ago people still wrote their e-mails by candlelight... [Marianne Kestler, de.admin.net-abuse.mail, 6.5.2000]
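
An added example, not part of the original message: a small audit script that reads the `zypper search --details` table shown in the message and lists every candidate offered from a repository other than the one the installed package came from, i.e. the updates that would prompt for a vendor change. It assumes the six-column layout shown above and uses the repository name as a stand-in for the vendor; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample input: the table from the message above.
SAMPLE = """\
Reading installed packages...

S | Name     | Type    | Version      | Arch | Repository
--+----------+---------+--------------+------+-------------------------
v | ktorrent | package | 3.1.2-0.pm.1 | i586 | Packman 11.0
i | ktorrent | package | 3.0.2-22.1   | i586 | Haupt-Repository (Open Source Software - OSS)
"""

def parse_rows(text):
    """Yield one dict per data row of a `zypper search --details` table."""
    header = None
    for line in text.splitlines():
        if "|" not in line:
            continue  # status lines, blank lines and the "--+--" separator
        if header is None:
            header = [c.strip() for c in line.split("|")]
            continue
        # maxsplit keeps a '|' inside the last column (repository) intact
        cells = [c.strip() for c in line.split("|", len(header) - 1)]
        if len(cells) == len(header):
            yield dict(zip(header, cells))

def cross_repo_candidates(text):
    """Return (name, arch, installed_version, installed_repo, candidate_version,
    candidate_repo) for each candidate from a repository other than the one
    that supplied the installed package."""
    groups = defaultdict(list)
    for row in parse_rows(text):
        groups[(row["Name"], row["Type"], row["Arch"])].append(row)
    findings = []
    for (name, _type, arch), rows in sorted(groups.items()):
        installed = [r for r in rows if r["S"].startswith("i")]
        if not installed:
            continue  # nothing installed, so there is no vendor to stick to
        home = {r["Repository"] for r in installed}
        for r in rows:
            if not r["S"].startswith("i") and r["Repository"] not in home:
                cur = installed[0]
                findings.append((name, arch, cur["Version"], cur["Repository"],
                                 r["Version"], r["Repository"]))
    return findings

if __name__ == "__main__":
    for f in cross_repo_candidates(SAMPLE):
        print("%s.%s: %s [%s] -> %s [%s]" % f)
```
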