On Fri, 5 Jul 2002 10:51:58 +0100 (BST) Bob Vickers <bobv@cs.rhul.ac.uk> wrote:
Dear All,
I have reported a couple of YaST2 bugs to SuSE, and one of them has security implications that people should be aware of.
I was using yast2 to install extra packages on a running system, and was having great difficulty because yast2 kept on hanging after I had made my package selection. So I used the feature (available on the Extras button) to save my configuration then loaded it on the next run.
After loading the configuration yast2 took it upon itself to reinstall from CD all the packages that were already installed as well as the new ones I had requested. This was irritating, but what makes it much worse is that it *downgraded* packages which had had security updates installed.
So I would warn people: when you run yast2 watch what it does and always be ready to reinstall your security updates if necessary.
Yes. I had exactly this problem to, when trying to clone servers. With Yast1 you could save a package selection and then load that on a new machine during install (Forinstance, I usually do a minimum install, but remove sendmail and add postfix, same for lpd vs cups). When you load this saved package list onto a new machine it will ADD the extra packages, but not remove the ones you had deselected. It is for this reason that I have not yet rolled out SuSE 8.0 on any production servers :-( Everyone here knows I am a great supporter of SuSE, but this problem is a serious PITA! I hope SuSE can make Yast2 better for 8.1, as I will be only using 8.0 on my workstation and custom built servers :-( I for one also miss the documentation that used to be in /etc/rc.config and now does not exist in /etc/sysconfig/ for instance, where is the switch to turn off NSCD?? (If someone knwos how to do this without firing up the runlevel editor in yast2 please let me know!!) Please consider this positive criticism, and not a flame at SuSE. 8.0 is certainly the best yet desktop distro from SuSE, but I feel there are a few steps backward from a server point of view. Online Update is also less than ideal, however thanks to Markus we have fou4s to work around that. -- Viel Spaß Peter Nixon - nix@susesecurity.com SuSE Security FAQ Maintainer http://www.susesecurity.com/faq/ "If you think cryptography will solve the problem, then you don't understand cryptography and you don't understand your problem."