[bug] lunar update removes a module instead upgrading (was: Re: [Lunar-commits] <moonbase> firefox4: removed because it is not security supported - use firefox5)

Zbigniew Luszpinski zbiggy at o2.pl
Thu Jun 30 20:44:15 CEST 2011 

> > commit f81cfd86a2654eea3338d7ba79b491b481783a82
> > Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
> > Date:   Thu Jun 30 01:22:35 2011 +0200
> > 
> >     firefox4: removed because it is not security supported - use
> >     firefox5
> 
> Maybe it would have been better if this had been moved to zdeprecated
> for a while so people had a chance to switch before it was removed.
> 
> Or temporarily turn firefox4 into a profile that pulls in firefox5
> instead.
> 
> Sometimes it's a pain in the bum when active modules get deleted or
> renamed because the next time you 'lunar update' or even just 'lin
> moonbase' the system has no clue about the old module name any more.
> 
> Not everyone is using a moonbase.git and can backtrack while cleaning
> up.
> 
> D.

I'm not happy too how module replacement is (not) done. We should add 
something like module replacement table so when lunar update displays 
message that a module was removed from moonbase it should look into 
replacement table to see what install instead. Such table should have 2 
columns like:
firefox4 firefox5
to let lunar update know that when firefox4 was removed from moonbase a 
firefox5 should be lined as an update. Using profiles to upgrade is easier 
to code but will garbage moonbase with redirect modules. Update table file 
function should be easy to construct (in theory :) ): isolate row 
containing old module with grep: OLD=`grep ^${module_name}` 
/var/state/lunar/replacement.table then select new module name using 
NEW=awk $2; lrm $OLD; lin $NEW.
Unfortunately I have no time to code this so maybe some brave lunar dev 
will pick up this topic and put teory in practice.

I can not move firefox4 to zdeprecated. It has open well known security 
holes. Mozilla said that 4.0.1 release is the last one in 4.x family and 
these security holes will never be fixed. Recommended action is to remove 
firefox4 ASAP and update to firefox5 or 3.6.18 (both present in moonbase 
now in modules firefox and firefox5). So I followed Mozilla recommendation 
to protect Lunar users against compromise. If you run binary official 
firefox4 on Windows or Linux in 24 hours you will receive request to 
update to firefox5.

I always move modules to zdeprecated if there is no security danger.

have a nice day,
Zbigniew Luszpinski

More information about the Lunar-dev mailing list