Bug 212703 - Removing package can disable system with *very* little warning
Removing package can disable system with *very* little warning
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: pirut (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-28 03:10 EDT by Thomas L. Shinnick
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-30 13:36:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Thomas L. Shinnick 2006-10-28 03:10:00 EDT
Description of problem:
Removal of apparently optional packages can disable user-critical systems, like
the gnome UI, with no substantial warning to users of the potential impact, when
extrapolated through the force-multiplier of random (?) dependencies.

Further customizing a newly installed FC6 system, removed several packages while
adding others.  One package removed, cdrecord, a CD burner that had no obvious
use to me, had the unintended effect of removing gnome-session and other
packages required for gnome to function.  Upon next login, I was thrown into
strange "reduced functionality" 'twm' GUI.  Not obvious at all what action had
broken system.  I had to diagnose by perusing /var/log/yum.log, learn yum to
re-install gnome-session and other packages.

Steps to Reproduce:
1.  Start Add/Remove Software  (i.e. pirut)
2.  Remove package 'cdrecord'
3.  Click "Apply"
4.  Walk away or otherwise not notice the message
      "Updating these packages requires additional
           updates for proper operation"
5.  Or not quite understand that the "Removing for dependencies:" notice might
list packages of much greater criticality than is obvious, and blithely agree to
"Continue"


Actual results:
Gnome session login is disabled, with user thrown into strange GUI and no
obvious means of recovery.

Expected results:
Minor optional package removed without side-effects.

Additional info:
This is a rather large hole in the feature set, that the user is allowed to
remove a minor package, with no *real* indication of the full effect of that
removal, when *multiplied* by the removal of all possible connected packages.

And I can't quite understand why removing a CD burning program would cause the
removal of compiz, gnome-session, and gnome-volume-manager.  The removal of
gnome-media and nautilus-cd-burner at least seems related, though even then
perhaps extreme.
Comment 1 Jeremy Katz 2006-10-30 12:00:06 EST
The question is really one of where do you draw the line of what's too dangerous
to remove...  if, eg, you say that gnome-session is the point, then what about
people that want to remove GNOME? 

I guess that adding gnome-session to the list of "scary things to warn about" is
probably reasonable
Comment 2 Thomas L. Shinnick 2006-10-30 12:51:50 EST
Oh this slides into a potential mess of user interaction complications, that's 
for sure.  "Are you sure?"  "Are you really really sure, Dave?"

One more example for background.  Beagle was high on 'top', and I decided I 
was just not going to use it.  Removed the four things that popped up when I 
searched for 'beagle' (and forgetting my own rant about watching carefully and 
not letting it timeout) switched to another window and only switched back just 
in time to see "cleaning nautilus".  Removing beagle (libbeagle) removed 
nautilus and yelp!

At a minimum I see the 'requirement' for displaying a summary of actions 
taken, even if just as simple as showing the added entries 
in /var/log/yum.log .  Would I have had _any_ clue upon trying and failing to 
display dir/file listing windows that I'd _deleted_ nautilus?

And if that is not possible (adding a summary step to end of interactions), 
would it be possible to (also?) add an action to review the yum.log or some 
approximation?  Is there any other place to see what you've caused to happen?

And barring the above ideas, perhaps a one-time first-use message when someone 
elects to remove a package.  "No one else deletes packages.  Smart people 
don't delete packages.  Look what happened to Dave Bowman!  He broke the chain 
and horrible things befell him.  Reconsider, please!"
Comment 3 Jeremy Katz 2006-10-30 13:36:51 EST
I've made it so that if you're _removing_ packages: the dep dialog doesn't
automatically dismiss and the details are automatically expanded.

This should at least make it a bit more of an explicit action and hopefully
avoid some of the cases of errors.
Comment 4 Fedora Update System 2006-11-06 15:37:51 EST
pirut-1.2.7-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 5 Fedora Update System 2006-11-10 13:20:36 EST
pirut-1.2.8-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 6 Fedora Update System 2006-11-16 18:12:41 EST
pirut-1.2.8-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.