Bug 498967 - epel package version newer than rhel package with same name
Summary: epel package version newer than rhel package with same name
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: java-1.6.0-openjdk
Version: el5
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-04 15:48 UTC by Mark Wielaard
Modified: 2009-12-31 07:11 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
: 499079 (view as bug list)
Environment:
Last Closed: 2009-05-05 21:36:22 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Mark Wielaard 2009-05-04 15:48:36 UTC
RHEL contains java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5 which contains recent security patches, but EPEL contains java-1.6.0-openjdk-1.6.0.0-1.0.b12.el5.2, which is newer according to yum, but hasn't been updated since October last year.

Comment 1 Lillian Angel 2009-05-04 15:51:16 UTC
the version should not be 1.0 for epel. we cannot change this in rhel until the next update, so it is fairly important the epel package gets updated. i would prefer that the version is changed as well.

Comment 2 Lubomir Rintel 2009-05-05 06:23:06 UTC
(In reply to comment #1)
> the version should not be 1.0 for epel.

Is this some kind of joke? You guys fuck up the Release number despite promising to let me know about the number you're going to use to prevent exactly the kind of problem that happened and then suggesting I've used bad EVR.

Patched and submitted to build system. I guess we should skip testing repository here, any objections?

Comment 3 Lubomir Rintel 2009-05-05 06:27:57 UTC
Opened bug #499079 for RHEL.

Comment 4 Mark Wielaard 2009-05-05 10:40:01 UTC
(In reply to comment #2)
> Is this some kind of joke? You guys fuck up the Release number despite
> promising to let me know about the number you're going to use to prevent
> exactly the kind of problem that happened and then suggesting I've used bad
> EVR.

I think this is a simple miscommunication, no bad intentions. I just noticed I got the EPEL version on my RHEL system and decided to report it. Might indeed be a bug in the RHEL package version instead. Thanks for cloning the bug and sorry if I reported it against the wrong component initially if I did. But please do try to not fuck off the nice boys and girls trying to make this all work. Mistakes might have been made, then those should be corrected. Lets take this opportunity to improve the communication.

> Patched and submitted to build system. I guess we should skip testing
> repository here, any objections?  

Thanks for doing this. I think that is a good idea.

Comment 5 Lubomir Rintel 2009-05-05 19:04:52 UTC
Thanks for the report,

(In reply to comment #4)
> I think this is a simple miscommunication, no bad intentions.

sorry

> Lets take this opportunity to improve the communication.

ok

> > Patched and submitted to build system. I guess we should skip testing
> > repository here, any objections?  
> 
> Thanks for doing this. I think that is a good idea.  

Package built fine, EPEL signers were asked to push it.

Comment 6 Lubomir Rintel 2009-05-05 21:36:22 UTC
Pushing this would violate EPEL guidelines therefore it can't be done. (Adding Dennis to Cc).

To prevent situation like this I suggest you add a check to whether the package is present in EPEL (and other 3rd party repositories you care about) to your review guidelines and contacted the maintainer ensuring he is aware you're going to ship the package and having agreed on maximum EVR he'll use before the package is approved.

Comment 7 Noa Resare 2009-05-20 14:02:08 UTC
Putting aside the standard notion that "upstream is always right" I'm with Lubomir on this one. It wouldn't be rocket science for RHEL to be aware of the EVR on EPEL versions of packages added. Especially packages added from one point release to the next.

In the meantime a workaround is to add:

exclude=java-1.6.0*

to the [epel] segment of your /etc/yum.repos.d/epel.repo and enjoy both packages from epel getting updated and the latest java goodness from upstream.

Comment 8 Lubomir Rintel 2009-06-04 21:06:34 UTC
*** Bug 504189 has been marked as a duplicate of this bug. ***

Comment 9 Paul Johnson 2009-12-31 07:11:16 UTC
Why is there no resolution on this? Can somebody explain why Centos introduced versions of java-1.6.0-openjdk that have the browser plugins disabled?  I was happy enough to use the EPEL versions, but now all yum updates fail. I don't understand why,but yum thinks the Centos update packages java-1.6.0-openjdk version b09 are newer than the b12 packages that EPEL offered before.

I've grabbed the src.rpm packages for Centos and Epel versions, the comments in the Centos (from RedHat) version don't have any explanation for why they disabled the browser plugins. 

I was thinking that I would be able to rebuild a plugin package to put into EPEL to install alongside the Centos/Redhat versions, but there is way too much stuff going on in those packages for a part timer like me.  Tons of patches, lots of hacking by people with more experience than I have.


Note You need to log in before you can comment on or make changes to this bug.