[bug] lunar update removes a module instead upgrading (was: Re: [Lunar-commits] <moonbase> firefox4: removed because it is not security supported - use firefox5)
Zbigniew Luszpinski
zbiggy at o2.pl
Thu Jun 30 20:44:15 CEST 2011
> > commit f81cfd86a2654eea3338d7ba79b491b481783a82
> > Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
> > Date: Thu Jun 30 01:22:35 2011 +0200
> >
> > firefox4: removed because it is not security supported - use
> > firefox5
>
> Maybe it would have been better if this had been moved to zdeprecated
> for a while so people had a chance to switch before it was removed.
>
> Or temporarily turn firefox4 into a profile that pulls in firefox5
> instead.
>
> Sometimes it's a pain in the bum when active modules get deleted or
> renamed because the next time you 'lunar update' or even just 'lin
> moonbase' the system has no clue about the old module name any more.
>
> Not everyone is using a moonbase.git and can backtrack while cleaning
> up.
>
> D.
I'm not happy too how module replacement is (not) done. We should add
something like module replacement table so when lunar update displays
message that a module was removed from moonbase it should look into
replacement table to see what install instead. Such table should have 2
columns like:
firefox4 firefox5
to let lunar update know that when firefox4 was removed from moonbase a
firefox5 should be lined as an update. Using profiles to upgrade is easier
to code but will garbage moonbase with redirect modules. Update table file
function should be easy to construct (in theory :) ): isolate row
containing old module with grep: OLD=`grep ^${module_name}`
/var/state/lunar/replacement.table then select new module name using
NEW=awk $2; lrm $OLD; lin $NEW.
Unfortunately I have no time to code this so maybe some brave lunar dev
will pick up this topic and put teory in practice.
I can not move firefox4 to zdeprecated. It has open well known security
holes. Mozilla said that 4.0.1 release is the last one in 4.x family and
these security holes will never be fixed. Recommended action is to remove
firefox4 ASAP and update to firefox5 or 3.6.18 (both present in moonbase
now in modules firefox and firefox5). So I followed Mozilla recommendation
to protect Lunar users against compromise. If you run binary official
firefox4 on Windows or Linux in 24 hours you will receive request to
update to firefox5.
I always move modules to zdeprecated if there is no security danger.
have a nice day,
Zbigniew Luszpinski
More information about the Lunar-dev
mailing list