Re: Fwd: [smart] Package downgrades

[Michael Vogt]

On Tue, Jun 21, 2005 at 09:51:23AM -0300, Gustavo Niemeyer wrote:
[..]
> >    [L]et's say that I want to install some new net-related
> >    software to my server with Smart, and it - in order to
> >    fulfill some other dependencies - then wants to *downgrade*
> >    something that has had important security fixes... Would
> >    Smart be smart enough to understand what should not be
> >    downgraded? Maybe it should also include some smart
> >    mechanism to undestand that, at least important security
> >    upgrades should not be downgraded to less secure versions.
> >    But that again would, of coursse, make smart ever more
> >    comlicated. Feasible? I don't know, maybe, maybe not?
> >
> >That sounds like a valid concern, is there such a mechanism?
> 
> There is no mechanism nor should there be in smart (or any other  
> depsolver tool) to attempt this flawed goal.
[..]

Speaking for debian/ubuntu and dpkg downgrades are a really fragile
operation and are considered harmfull in the general case. 

The problem is that debian packages tend to do all sorts of
interessting stuff in there postinst scripts.  This can be as simple
as adding a symlink from /usr/doc to /usr/share/doc to stuff that is
really complex like converting a old configuration file format (from
the old version) into a new one (for the new version). Those
operations are not reversible in the general case.

So in general a downgrade does not work for debian packages (it will
in >90%, but it's not something that should be done) and may break in
spectacular ways. So it would be nice to have a way of forbidding
downgrades at all (maybe this is already possible I can't looked
closly enough yet).

I wonder how rpm handle the above descriped downgrade problem. Is
there a policy that a package must be downgradable again? Or will rpm
package just not do things as the ones described above?

Cheers,
 Michael

-- 
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo