Description of problem:

When running 'yum --security update', yum will list every installed package for which an update exists, before showing the small subset that needs to be updated for security and security dependencies. Merely listing these updates can take a very long time, and leads the user to believe that yum intends to update all of those packages.

With some previous versions of yum-security (don't recall which), it would actually attempt to install all of the available updates, as though the --security flag had no impact on the 'update' command. Upon seeing this new behavior, a user would be inclined to give up, assuming that old bug still existed. The only reason I noticed that the updating behavior had been fixed was because I left it running processing the available non-security updates while beginning to fill out this bug report.

At this point, the problem is just that yum-security is taking far more time than it should, and leading the user to believe it's going to do something they explicitly asked it not to do. Many users would be inclined to give up before they'd discover that the more serious bug has actually already been fixed.

Version-Release number of selected component (if applicable):

yum-security-1.1.11-1.fc8

How reproducible:

100%

Steps to Reproduce:

1. Install F8 from GA media
2. yum install yum-security
3. yum --security update

Actual results:

Yum spends several minutes listing hundreds of packages for which non-security updates exist. Finally it shows that it's actually only going to install a small number of packages that need to be updated for security or security dependencies.

Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
Needed 36 of 659 packages, for security
--> Running transaction check
---> Package xine-lib.x86_64 0:1.1.12-2.fc8 set to be updated
[repeat last line ~658 times, not 35 times]

Expected results:

The transaction check should only consider the packages marked for security updates, and their dependencies
Forgot to mention, 'yum --security check-update' works as expected, and completely hides non-security updates, probably because it's not doing dependency resolution.
There is work going on wrt. the security plugin within the Fed-9 timeframe, however the security plugin intentionally does the "exclusion" when it does so that if you have a security update for A and A requires a new B then you'll get both A and B installed, instead of a failure. It's very likely that we'll have at least one new "security-update" command, which should solve the performance problem as it'll be able to just do the work it needs to.
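An added illustration of the point in the comment above (not yum or yum-security code, and not written by anyone in this thread): a simplified Python model, with constructed package names A to E, of why dropping non-security updates before dependency resolution breaks a security update that needs a newer non-security package, while keeping dependencies yields the small "Needed N of M" set.

```python
# Constructed sample data (hypothetical packages): each available update,
# whether an advisory marks it as security, and which other updates it requires.
UPDATES = {
    "A": {"security": True,  "requires": {"B"}},
    "B": {"security": False, "requires": {"C"}},
    "C": {"security": False, "requires": set()},
    "D": {"security": False, "requires": set()},
    "E": {"security": True,  "requires": set()},
}

def prefilter_then_resolve(updates):
    """Hide non-security updates first, then check requirements.

    Returns (installable, broken); broken maps a package to the
    requirements that were filtered out from under it.
    """
    visible = {n: u for n, u in updates.items() if u["security"]}
    installable, broken = set(), {}
    for name, upd in visible.items():
        missing = upd["requires"] - set(visible)
        if missing:
            broken[name] = missing
        else:
            installable.add(name)
    return installable, broken

def security_closure(updates):
    """Start from security updates and pull in only what they transitively need."""
    needed = set()
    stack = [n for n, u in updates.items() if u["security"]]
    while stack:
        name = stack.pop()
        if name in needed:
            continue
        needed.add(name)
        stack.extend(updates[name]["requires"] - needed)
    return needed

def summary(updates):
    """Mimic the shape of the plugin's summary line for this toy data."""
    return "Needed %d of %d packages, for security" % (
        len(security_closure(updates)), len(updates))

if __name__ == "__main__":
    print(prefilter_then_resolve(UPDATES))  # A cannot be updated without B
    print(sorted(security_closure(UPDATES)), summary(UPDATES))
```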
Also I recently tried this with Fed-9 versions of everything, and it doesn't act that way ... can you try Fed-9 or the recent yum/yum-security:

yum install pygpgme -y
yum --enablerepo=development install yum yum-security

...and see if it does the same thing (wondering if you have something set weird so that it is working differently).
Fedora 9 seems to be behaving as expected. Feel free to close.
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.