Bug 174462 - RFE: Download package updates, if available
Summary: RFE: Download package updates, if available
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-11-29 11:25 UTC by Jeff Garzik
Modified: 2013-07-03 02:26 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-12-01 03:26:59 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jeff Garzik 2005-11-29 11:25:54 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
For all installs, make it possible for the user to download the latest versions of all packages, i.e. updates.  If the latest updates are installed at provisioning (install) time, the unpatched window of vulnerability is completely eliminated.

For network installs, I presume this means asking the user if they would like to install updates, and prompting for a URL.

For non-network installs, I presume there would be an additional network configuration step, before the above.  The chosen media (cdrom or whatever) should be preferred, when a package has not been updated.


Version-Release number of selected component (if applicable):
anaconda-10.2.1.5-2

How reproducible:
Always

Steps to Reproduce:
1. Install FC4.
2. Reboot.
3. Download several hundred megabytes of updates.
4. Pray there are no security problems that will be exploited during the long download of updates.

  

Actual Results:  Installer produces an unpatched system.

Expected Results:  Installer produces a patched system.

Additional info:

Comment 1 Jeremy Katz 2005-12-01 03:26:59 UTC
That's one of the eventual goals of moving towards using yum as a backend. 


Note You need to log in before you can comment on or make changes to this bug.