Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Online Update
  • From: JW <jw@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 29 Jan 2002 12:32:55 -0600
  • Message-id: <5.1.0.14.0.20020129122129.024cb208@xxxxxxxxxxxxxxxxxxxxxxx>
At 10:33 AM 1/29/2002 +0100, you wrote:
>Does/will Yast online update support HTTP (or at least http proxy)?

yes, they added http support with one of the latest YOU updates, however you cant' choose it - it only ususes it when it wants to. SuSE doesn't have HTTPD running on any of their FTP servers either (wish they did)

>As ftp is a weird protocol anyway, I don't think it should be used so
>much, especially for important things like updates.

They should use scp :-)

> I have some servers
>behind an MS Proxy Server and can't use online update, because yast
>doesn't support any proxy, and socksify + bouncer on a machine with MS
>Proxy client installed doesn't work, too (http/ssh works thoug).
>And once again, why is YOU not half as cool as apt-get ??

Because the people who are working on it don't seem to care enough. It's slowly getting better but I really don't understand why a little more effort isn't put into it, since it's a highly sought-after feature.

Anyway, that's not the worst of YOU's problems - it uses it's own internal patch manager and never consults rpm. Due to this, a patch is always marked as "installed" unless you do some hacking. For instance the other day I fried my MySQL installation while testing and had to do an ftp reinstall from yast1. It installed the old original versions of MySQL & Co., and when I opened YOU the mysql updates that I _knew_ where there where not available to be selected.
I had to hack some things to get YOU to wake up. This is very bad.

Also if you download, say 5 updates (this actually happened to me) and during the install part rpm gives an error, say on the second package, the installation ceases (i.e. the remaining packages do _not_ get installed) yet YOU marks them as successfully installed anyway.

This actually happened to me when I way trying up update at, netscape, openssh and w3m at the same time. The NS package was corrupt, and YOU just skipped over sshd and w3m without mentioning it. I only realized what was happening because YOU "finished" the installation too fast.
If I had not been paying attention I would have _thought_ I'd upgraded sshd and would in fact have still been using the old version.

This is very bad.

I have submitted several bug reports to feedback@xxxxxxxx and bugs@xxxxxxx and not heard back from them. I have a serious mind to submit this to BugTraq in the hope of forcing SuSE to do something about it.

I've never done anything like that before - do you think I should? It's really quite important and SuSE _need_ to fix it. I'm not sure if it's serious enough for BugTraq though.


JW


----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com


< Previous Next >