[New: openFATE 310233] skip repo update when installing packages with zypper
Feature added by: Denny Beyer (lumnis) Feature #310233, revision 1 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos get updated and the user has to wait. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the used immidiate access to install a software package? -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Jan Engelhardt (jengelh) Feature #310233, revision 2 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos get updated and the user has to wait. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the used immidiate access to install a software package? + Discussion: + #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49) + >Because a general user needs several extra repo + + No he does not. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 3 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos get updated and the user has to wait. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the used immidiate access to install a software package? Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
+ #2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) + and you are THE general user to have the worlds wisdom to judge that + .... why don't you leave that decision up to openfate users to vote? -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Ned Ulbricht (ned_ulbricht) Feature #310233, revision 4 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos get updated and the user has to wait. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the used immidiate access to install a software package? Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? + #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) + You don't want someone unknowingly installing a vulnerable package + after a security update has been released. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 5 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos get updated and the user has to wait. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the used immidiate access to install a software package? Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. + #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) + Please explain, I don't see any difference it would make to weather I + wait for zypper or not. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 6 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run - zypper, repos get updated and the user has to wait. Because a general - user needs several extra repos, this waiting time always seems to be - too long. + zypper, repos are getting updated and the user has to wait for that + process to be finished. Because a general user needs several extra + repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time - intervall has passed and give the used immidiate access to install a - software package? + intervall has passed and give the user immidiate access to zypper to + install a software package? + The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Stefanos Kotsonis (kotsonis) Feature #310233, revision 7 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. + #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) + Agreed, but those are going to show up on the desktop via the updater + applet. + The idea of having zypper keeping itself refreshed via a daemon makes a + lot of sense to me. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Ned Ulbricht (ned_ulbricht) Feature #310233, revision 8 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. + #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) + Let's take this explanation a little piece at a time. + + So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm + . Now, since the last time you've refreshed your repos, there's been a + awful security flaw found and patched. The updates repo has foo-1.1-1. + i586.rpm available. (Never mind delta rpms, let's keep this simple.) + + What do you think should happen when you execute.... + # zypper install foo + ??? + + If libzypp hasn't refreshed the updates repo, how is libzypp supposed + to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a + swing at answering this, please. + + #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Ned Ulbricht (ned_ulbricht) Feature #310233, revision 9 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. + #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) + How big of a vulnerability window do you want? + + I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf + . I wouldn't recommend that as a default. But it's convenient for me, + and I know I put that value in there, so it doesn't surprise me. + + Compare that hour to refreshing metadata in the background every + hour. How much bandwidth do you want to spend? The load gets heavier + if leave the default at 10 minutes. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 10 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. + #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6) + >What do you think should happen when you execute.... + ># zypper install foo + zypper does it's job and installs the latest package, which would be + the patched version. And it knows about it, because I updated the repos + just 10min ago ... or the updater did it after loggin in or the deamon + or what not. + >If libzypp hasn't refreshed the updates repo, how is libzypp supposed + to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a + swing at answering this, please. + I'm not talking about not to do a refresh at all, but is it really + necessary each time you run zypper? There could still be a switch to + force to update, otherwise like once a day/once after login might be + enough in general. #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 11 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. + #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) + Let me ask a question that might sound silly to some more knowledgable + people: Whould that situation change, would the server send out a + notification to registered users once the repo has been updated? Like a + broadcast message service - or twitter - if you like, and zypper would + keep reading those messages for something interesting to it? So it's + not the user requestion each and every time that information you run + zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Ned Ulbricht (ned_ulbricht) Feature #310233, revision 12 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
+ #10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) + If you yourself want metadata refreshed only once a day, then you can + already just turn off auto-refresh in all your repos, and start a daily + cron job for zypper -q refresh . But if you do that, then you're + knowingly assuming the risk that you'll have out-of-date metadata when + you install a package. #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Denny Beyer (lumnis) Feature #310233, revision 13 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. + #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) + And what would happen, would that be the case? - The (newer) package + would be installed anyway? + Zypper throughs an exception for not finding the package, I can update + it afterwards and rerun zypper? Zypper tells me to update right away, + as it noticed it's not up-to-date? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Jan Engelhardt (jengelh) Feature #310233, revision 14 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? + #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) + No, I am, bluntly speaking, among those who have to wade through + general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Ned Ulbricht (ned_ulbricht) Feature #310233, revision 15 Title: skip repo update when installing packages with zypper openFATE: Unconfirmed Priority Requester: Important Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) No, I am, bluntly speaking, among those who have to wade through general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? + #13: Ned Ulbricht (ned_ulbricht) (2010-07-27 00:05:55) (reply to #11) + Well, if you're still running 11.1, with a default KDE desktop, then + you'll probably trigger what seems like a relatively benign bug. It's + somewhat annoying, but only somewhat annoying, so I haven't been + motivated enough to find the time to report it. Chances are the bug is + PackageKit-0.3.11-1.14.1 . Under some circumstances, it doesn't seem + to honor autorefresh=0 . Anyhow, if you configure kupdateapplet to + use the ZYpp Plugin instead of the PackageKit Plugin, you'll work + around the bug. Alternatively, kill kupdateapplet and just use zypper + --that's another workaround for the bug. Or if you're running + something newer than 11.1, then you could try and reproduce it, and + file a bug report. I have 11.2 here too, but that's in production use + as DNS and DHCP and doesn't run a desktop. + + So anyhow, why don't you just check it out and see what happens? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Thomas Schmidt (digitaltomm) Feature #310233, revision 16 Title: skip repo update when installing packages with zypper - openFATE: Unconfirmed + Buildservice: Unconfirmed Priority - Requester: Important + Requester: Desirable Requested by: Denny Beyer (lumnis) Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) No, I am, bluntly speaking, among those who have to wade through general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? #13: Ned Ulbricht (ned_ulbricht) (2010-07-27 00:05:55) (reply to #11) Well, if you're still running 11.1, with a default KDE desktop, then you'll probably trigger what seems like a relatively benign bug. It's somewhat annoying, but only somewhat annoying, so I haven't been motivated enough to find the time to report it. Chances are the bug is PackageKit-0.3.11-1.14.1 . Under some circumstances, it doesn't seem to honor autorefresh=0 . Anyhow, if you configure kupdateapplet to use the ZYpp Plugin instead of the PackageKit Plugin, you'll work around the bug. Alternatively, kill kupdateapplet and just use zypper --that's another workaround for the bug. Or if you're running something newer than 11.1, then you could try and reproduce it, and file a bug report. I have 11.2 here too, but that's in production use as DNS and DHCP and doesn't run a desktop. So anyhow, why don't you just check it out and see what happens? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Sascha Peilicke (saschpe) Feature #310233, revision 17 Title: skip repo update when installing packages with zypper - Buildservice: Unconfirmed + Buildservice: Rejected by Sascha Peilicke (saschpe) + reject reason: So the feature was about having a "zypper ref" cronjob + and/or triggering a refresh after user login. So far the feature seems + to be widely refused as inappropriate. Old feature, no recent activity, + I guess closing is ok. Priority Requester: Desirable Requested by: Denny Beyer (lumnis) Partner organization: openSUSE.org Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) No, I am, bluntly speaking, among those who have to wade through general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? #13: Ned Ulbricht (ned_ulbricht) (2010-07-27 00:05:55) (reply to #11) Well, if you're still running 11.1, with a default KDE desktop, then you'll probably trigger what seems like a relatively benign bug. It's somewhat annoying, but only somewhat annoying, so I haven't been motivated enough to find the time to report it. Chances are the bug is PackageKit-0.3.11-1.14.1 . Under some circumstances, it doesn't seem to honor autorefresh=0 . Anyhow, if you configure kupdateapplet to use the ZYpp Plugin instead of the PackageKit Plugin, you'll work around the bug. Alternatively, kill kupdateapplet and just use zypper --that's another workaround for the bug. Or if you're running something newer than 11.1, then you could try and reproduce it, and file a bug report. I have 11.2 here too, but that's in production use as DNS and DHCP and doesn't run a desktop. So anyhow, why don't you just check it out and see what happens? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: OpenSUSE User (palswim) Feature #310233, revision 18 Title: skip repo update when installing packages with zypper Buildservice: Rejected by Sascha Peilicke (saschpe) reject reason: So the feature was about having a "zypper ref" cronjob and/or triggering a refresh after user login. So far the feature seems to be widely refused as inappropriate. Old feature, no recent activity, I guess closing is ok. Priority Requester: Desirable Requested by: Denny Beyer (lumnis) Partner organization: openSUSE.org Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) No, I am, bluntly speaking, among those who have to wade through general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? #13: Ned Ulbricht (ned_ulbricht) (2010-07-27 00:05:55) (reply to #11) Well, if you're still running 11.1, with a default KDE desktop, then you'll probably trigger what seems like a relatively benign bug. It's somewhat annoying, but only somewhat annoying, so I haven't been motivated enough to find the time to report it. Chances are the bug is PackageKit-0.3.11-1.14.1 . Under some circumstances, it doesn't seem to honor autorefresh=0 . Anyhow, if you configure kupdateapplet to use the ZYpp Plugin instead of the PackageKit Plugin, you'll work around the bug. Alternatively, kill kupdateapplet and just use zypper --that's another workaround for the bug. Or if you're running something newer than 11.1, then you could try and reproduce it, and file a bug report. I have 11.2 here too, but that's in production use as DNS and DHCP and doesn't run a desktop. So anyhow, why don't you just check it out and see what happens? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. + #14: OpenSUSE User (palswim) (2015-09-23 08:11:36) + You can use the --no-refresh zypper option + (https://en.opensuse.org/SDB:Zypper_manual_(plain)) to accomplish this + in a single zypper invocation. + Use it as an option for the zypper call itself, before any command + parameter: + zypper --no-refresh in tmux -- openSUSE Feature: https://features.opensuse.org/310233
Feature changed by: Sławomir Lach (Lachu) Feature #310233, revision 19 Title: skip repo update when installing packages with zypper Buildservice: Rejected by Sascha Peilicke (saschpe) reject reason: So the feature was about having a "zypper ref" cronjob and/or triggering a refresh after user login. So far the feature seems to be widely refused as inappropriate. Old feature, no recent activity, I guess closing is ok. Priority Requester: Desirable Requested by: Denny Beyer (lumnis) Partner organization: openSUSE.org Description: When installing a new package with zypper etc. everytime you run zypper, repos are getting updated and the user has to wait for that process to be finished. Because a general user needs several extra repos, this waiting time always seems to be too long. Why not running 'zypper ref' as a low priority task after startup/time intervall has passed and give the user immidiate access to zypper to install a software package? The picture I have in mind is someone just wants to install a package. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-25 13:14:49)
Because a general user needs several extra repo No he does not.
#2: Denny Beyer (lumnis) (2010-07-25 16:20:28) (reply to #1) and you are THE general user to have the worlds wisdom to judge that .... why don't you leave that decision up to openfate users to vote? #12: Jan Engelhardt (jengelh) (2010-07-26 22:14:57) (reply to #2) No, I am, bluntly speaking, among those who have to wade through general users' mess of repos when they post a problem in the forums. #3: Ned Ulbricht (ned_ulbricht) (2010-07-25 18:13:07) You don't want someone unknowingly installing a vulnerable package after a security update has been released. #4: Denny Beyer (lumnis) (2010-07-25 22:44:32) (reply to #3) Please explain, I don't see any difference it would make to weather I wait for zypper or not. #6: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:10:35) (reply to #4) Let's take this explanation a little piece at a time. So first, say there's a package on the DVD, call it foo-1.0-1.i586.rpm . Now, since the last time you've refreshed your repos, there's been a awful security flaw found and patched. The updates repo has foo-1.1-1. i586.rpm available. (Never mind delta rpms, let's keep this simple.) What do you think should happen when you execute.... # zypper install foo ??? If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. #8: Denny Beyer (lumnis) (2010-07-25 23:23:32) (reply to #6)
What do you think should happen when you execute.... # zypper install foo zypper does it's job and installs the latest package, which would be the patched version. And it knows about it, because I updated the repos just 10min ago ... or the updater did it after loggin in or the deamon or what not. If libzypp hasn't refreshed the updates repo, how is libzypp supposed to know that >foo-1.1-1.i586.rpm exists? Computer telepathy? Take a swing at answering this, please. I'm not talking about not to do a refresh at all, but is it really necessary each time you run zypper? There could still be a switch to force to update, otherwise like once a day/once after login might be enough in general.
#10: Ned Ulbricht (ned_ulbricht) (2010-07-26 01:36:30) (reply to #8) If you yourself want metadata refreshed only once a day, then you can already just turn off auto-refresh in all your repos, and start a daily cron job for zypper -q refresh . But if you do that, then you're knowingly assuming the risk that you'll have out-of-date metadata when you install a package. #11: Denny Beyer (lumnis) (2010-07-26 21:30:04) (reply to #10) And what would happen, would that be the case? - The (newer) package would be installed anyway? Zypper throughs an exception for not finding the package, I can update it afterwards and rerun zypper? Zypper tells me to update right away, as it noticed it's not up-to-date? #13: Ned Ulbricht (ned_ulbricht) (2010-07-27 00:05:55) (reply to #11) Well, if you're still running 11.1, with a default KDE desktop, then you'll probably trigger what seems like a relatively benign bug. It's somewhat annoying, but only somewhat annoying, so I haven't been motivated enough to find the time to report it. Chances are the bug is PackageKit-0.3.11-1.14.1 . Under some circumstances, it doesn't seem to honor autorefresh=0 . Anyhow, if you configure kupdateapplet to use the ZYpp Plugin instead of the PackageKit Plugin, you'll work around the bug. Alternatively, kill kupdateapplet and just use zypper --that's another workaround for the bug. Or if you're running something newer than 11.1, then you could try and reproduce it, and file a bug report. I have 11.2 here too, but that's in production use as DNS and DHCP and doesn't run a desktop. So anyhow, why don't you just check it out and see what happens? #5: Stefanos Kotsonis (kotsonis) (2010-07-25 22:57:27) (reply to #3) Agreed, but those are going to show up on the desktop via the updater applet. The idea of having zypper keeping itself refreshed via a daemon makes a lot of sense to me. #7: Ned Ulbricht (ned_ulbricht) (2010-07-25 23:19:48) (reply to #5) How big of a vulnerability window do you want? I normally back off to repo.refresh.delay = 60 in /etc/zypp/zypp.conf . I wouldn't recommend that as a default. But it's convenient for me, and I know I put that value in there, so it doesn't surprise me. Compare that hour to refreshing metadata in the background every hour. How much bandwidth do you want to spend? The load gets heavier if leave the default at 10 minutes. #9: Denny Beyer (lumnis) (2010-07-25 23:31:18) (reply to #7) Let me ask a question that might sound silly to some more knowledgable people: Whould that situation change, would the server send out a notification to registered users once the repo has been updated? Like a broadcast message service - or twitter - if you like, and zypper would keep reading those messages for something interesting to it? So it's not the user requestion each and every time that information you run zypper, but the servers is sending it only if a status changed. #14: OpenSUSE User (palswim) (2015-09-23 08:11:36) You can use the --no-refresh zypper option (https://en.opensuse.org/SDB:Zypper_manual_(plain)) to accomplish this in a single zypper invocation. Use it as an option for the zypper call itself, before any command parameter: zypper --no-refresh in tmux + #15: Sławomir Lach (lachu) (2015-09-24 10:37:12) + That's idea is not very very bad, but what we can do? + We can calculate changes for few seconds(calculations must be stopped + after 5 seconds). In calculation process repo of each package, which is + needed to install, should been added to set. If error happen in + calculation process, we stop calculation - don't show any information + to user. After calculation ends we checks that's repo in set was + refreshed and recalculate all again(if some repo in set was refreshed). + That's idea should work, but I don't been very happy about this. -- openSUSE Feature: https://features.opensuse.org/310233
participants (1)
-
fate_noreply@suse.de