Bug 807762 - [RFE] yum product-id plugin should stop removing product certs; proposal for a BLUE installed product status
[RFE] yum product-id plugin should stop removing product certs; proposal for ...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: beta
: 7.0
Assigned To: candlepin-bugs
Entitlement Bugs
: FutureFeature
Depends On:
Blocks: rhsm-rhel70
  Show dependency treegraph
 
Reported: 2012-03-28 11:59 EDT by John Sefler
Modified: 2013-11-01 16:05 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-01 16:05:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Sefler 2012-03-28 11:59:40 EDT
Description of problem:
The yum product-id plugin is supposed to behave such that:

1. On RHEL5, a productid.pem will be installed into /etc/pki/product by the yum product-id plugin when a package is yum installed from the corresponding repo, BUT the productid.pem will never be removed by the yum product-id plugin.

2. On RHEL6, a productid.pem will be installed into /etc/pki/product by the yum product-id plugin when a package is yum installed from the corresponding repo, AND the productid.pem will be removed by the yum product-id plugin ONLY when there are no more packages installed on the system that came from the entitled yum repo.

In light of bug 806457 and bug 707313 (and others) and the inconsistent behavior between RHEL5/RHEL6 and the painful consequences of having a product cert removed (especially a base product cert like RHEL!), I propose that the yum product-id plugin NEVER remove a product cert.  Instead, we should introduce another installed product state to accompany the current Red/Yellow/Green states.  Let's call this state Blue to reflect an "Inactive" status.  This state would represent a product for which the last remaining package originating from the entitled repos supporting said product has been yum erased.  Implementing this idea may be tricky because when an entitlement is removed/revoked/unsubscribed, we would not want a Blue product to turn Red.  Another implementation trick is that an entitlement that requires tags from the provided tags of an "Inactive" product cert would have to withhold access to the provided content.  A new benefit from this proposal is that the installed product status would reflect a cumulation of what has been installed on the system.  This would be more informative than the magic disappearance of an installed product.  Remember that a product cert can always be removed manually and the repercussions of the removal can be blamed on the person who did the removal, not our entitlement management system.
Comment 1 RHEL Product and Program Management 2012-07-10 04:47:53 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 2 RHEL Product and Program Management 2012-07-10 21:48:41 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 3 John Sefler 2013-01-05 09:50:53 EST
bug 859197 is another example that supports this RFE bug
Comment 4 John Sefler 2013-06-25 14:52:29 EDT
If the fix in https://bugzilla.redhat.com/show_bug.cgi?id=859197#c15 proves to be reliable, then this RFE becomes unnecessary and can be CLOSED/WONTFIX.
Comment 5 Bryan Kearney 2013-11-01 16:05:12 EDT
Closing this out per Comment 4

Note You need to log in before you can comment on or make changes to this bug.