Changes

From SME Server
Jump to navigationJump to search

Talk:Yum-plugin-priorities (view source)

Revision as of 16:31, 22 November 2008

2,018 bytes added ,  16:31, 22 November 2008
no edit summary
Line 1: Line 1:  +
==[[User:Mmccarn|Mmccarn]] 15:31, 22 November 2008 (UTC)==
 +
===perl-DBIx-DBSchema===
 +
Yes - I finally figured out that perl-DBIx-DBSchema was installed when I tried to install 'Resource Tracker' - they have their own repository....
 +
 +
Clearly, we could choose to ignore this issue -- but just as clearly if we configure yum-plugin-priorities it will become possible to install 3rd party apps that later break yum.
 +
 +
In this case, perl-DBIx-DBSchema, which is ''not'' included with SME requires perl-DBIx-SearchBuilder which ''is'' included with SME - so the low priority repo locates and wants to update perl-DBIx-DBSchema, but the priorities plugin then prevents the install of the correct perl-DBIx-SearchBuilder.
 +
 +
We need
 +
* a plugin, method, or option that blocks the update of packages from 3rd party repos if the new version requires a package that is included with SME / Centos that has not yet been updated.
 +
* a way to notify users of the blocked updates so they can decide if the blocked update involves a security issue
 +
* '''or''' documentation on how to work around this issue, along the lines of "observe the problem, identify the blocking package, update the blocking package independantly using the "--noplugins" option, then finish your update
 +
 +
===Side note on security===
 +
A major reason that I use SME server is that I feel the developers are highly security conscious, and that if I keep a SME server relatively virgin it will remain secure.  I don't have the knowledge, time or experience to evaluate every package available in Linux for its security exposure level.
 +
 +
Is there any easy way to scan a SME server, identify any installed packages that are not considered secure by the SME developers, then modify /etc/motd and add a note to server-manager stating that "unevaluated packages are installed"?
 +
 +
===Installation===
 +
My "script" for modifying /etc/yum.conf is just my notes on how to make these changes easily and temporarily; I hadn't gotten around to making a custom template fragment yet...
 +
 +
==[[User:Snoble|Snoble]] 09:37, 22 November 2008 (UTC)==
 
You should be able to use my script on 7.3 to populate the db
 
You should be able to use my script on 7.3 to populate the db
   Line 19: Line 41:  
  Installing for dependencies:
 
  Installing for dependencies:
 
   perl-DBD-Pg            i386      2.11.1-1.el4.rf  dag              286 k
 
   perl-DBD-Pg            i386      2.11.1-1.el4.rf  dag              286 k
  −
  −
[[User:Snoble|Snoble]] 09:37, 22 November 2008 (UTC)
 
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/11605"

Navigation menu