On 7/27/05, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> > What output are you getting from yum now?
> > Does "yum --disablerepo=extras update" work any better?
>
> > Seems lacking that because of one missing dependency in a non-critical
> > application, yum won't even update security issues.
>
> There are good reasons behind the way yum works. It's a generic tool and
> it doesn't know the difference between a security-critical package and a
> set of fonts, so it has to treat all packages the same.
>
> > Imagine this: JoeHacker discovers a security flaw and writes code to
> > exploit it. He knows that people will yum-update, so he breaks a
> > dependency in a package that he maintains in yum.
>
> That presupposes that people are using repos that Joe Hacker can write
> to. If he can do that, he doesn't need to mess around with dependencies,
> he can basically install whatever software he wants on those people's
> machines, unless his attempt is spotted by one of his peers at that repo
> when he adds that "feature".
>
> Paul.

Thanks, Paul. I just updated successfully, without any special parameters.

Tell me, how carefully watched are the people who maintain packages in, say, extras? Can these repos really be trusted in that sense? I guess that I am, in a way, letting the maintainers of the repos add anything that they like to my system - I don't have the knowledge to go over every last package, and as a home user, I do not plan on acquiring that knowledge.

Dotan
http://lyricslist.com/lyrics/artist_albums/311/linkin_park.php
Linkin Park Song Lyrics