Bug 142533

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2) (KHTML, like Gecko)

Description of problem:
up2date allows multiple repositories for fetching updates from.

However, this does not work well when different repositories offer the same packages (in different versions).

For example, I have about 6 different repos configured. Today I updated my j2re and mozilla-j2re packages, because I'd read that there was a security bug. These two packages came from dag. When I go into up2date and select only dag, I get offered a whole load of packages to update, where the originals _didn't_ come from dag. Or, I think they didn't. I'm not sure. I have to spend some time checking! (Where did my xine come from? Dag or somewhere else? Better go to the command line and have a look).

Here's my suggestion to make this situation easier:
- Include a checkbox "Only show updates to packages originally from the same repository" or similar, whose effect would be that if I've only selected "dag", then it only shows me available updates where _the package already installed is also from dag_.

- How would this work? We'd have to have some way of knowing which packages originally came from dag, and then up2date can take all the updates available from dag, and look at the local packages to see where they came from. The best way to do this that I know of is to look at the "Vendor" or "Packager" fields. I'd suggest that up2date's configuration file needs an entry for each repo, where we provide a regex that specifies how to identify if the package comes from a certain repo or not.
e.g. the current line for dag in /etc/sysconfig/rhn/sources is:
yum dag http://apt.sw.be/fedora/2/en/$ARCH/dag

We'd then add a field "Packager: .*Dag Wieers.*" which says that "Packages from this repo are identifiable by containing 'Dag Wieers' in the Packager: header".

This format could be backwards compatible - i.e., up2date could sanely handle finds lines _without_ this field.

Version-Release number of selected component (if applicable):
4.3.19-1

How reproducible:
Always

Steps to Reproduce:
1. Have dag, livna, atrpms, freshrpms etc. in your /etc/sysconfig/rhn/sources
2. Launch up2date, and select a single repository
3. Be confused about whether the list of available updates come from the same repository that the actually installed package does come from, or if installing the update from a different repository to the original will change or mess your system (e.g. if you update your  audacity originally from freshrpms with a new version from fedora.us, you've just lost mp3 capability!).


Actual Results:  No "Only update packages originally from the selected repositories" checkbox

Expected Results:  Checkbox allowing you to only see updates from the same repository as the original package.

Additional info: