[Rpm-metadata] metadata list and discussion over tapas tonight
Adrian Likins
alikins at redhat.com
Tue Aug 5 21:06:56 UTC 2003
On Tue, Aug 05, 2003 at 04:55:18PM -0400, seth vidal wrote:
> On Tue, 2003-08-05 at 13:13, Joe Shaw wrote:
> > On Tue, 2003-08-05 at 12:52, seth vidal wrote:
> > > Do you mean older packages that aren't on the repository?
> > >
> > > So if I've removed foo-1.1-1.noarch.rpm and replaced it with
> > > foo-1.1-2.noarch.rpm you want to keep the info on foo-1.1-1?
> > >
> > > or do you mean if I've just added foo-1.1-2 w/o deleting foo-1.1-1 then
> > > have both sets of information?
> >
> > Sorry, I should have been more clear.
> >
> > I mean the latter: keeping around older versions of the packages, both
> > in metadata and in the repositories themselves.
> >
> > So, yeah, consider foo 1.0 on my system and in the repository.
> >
> > We release foo 1.1, which fixes a major security hole, and mark the
> > importance "urgent".
> >
> > We then release foo 1.1.1, which is just a minor bug fix release, and
> > mark the importance "minor".
> >
> > It's important to keep around the metadata for 1.0 and 1.1, in addition
> > to 1.1.1, so that we can properly convey the severity of the update
> > (updating 1.0 -> 1.1.1 should still be "urgent", not "minor"), but also
> > to allow the user to downgrade or rollback from 1.1.1 to 1.1 or 1.0.
>
> I think the general case is - the repository metadata represents what is
> available in the repository - my general opinion is that determination
> of the 'best' version should be done on the client end - not the
> repository side. So what might be 'best' for one user is not the best
> for all. But they have to live with what is available on a repository.
It does bring up an interesting point though. afaik, yum
and apt (and older up2dates...) assume the repo has only one
version of the package (the right one/latest/whatever).
with red carpet and newer up2dates (and maybe r-c-p?)
you can install older packages from a channel, and get the info
about all available packages.
Which of course, implies a signification change in
the amount and type of metadata (and the real kicker, the
packages themselfs) you keep around. At the moment, it doesnt look
like most repo providers keep around anything but the
latest packages. So, something to discuss...
Adrian
More information about the Rpm-metadata
mailing list