Discussion:
[Slapt-get-user] slapt-get order of operations
Jude DaShiell
2010-11-23 02:30:52 UTC
Permalink
When downloading any package unless package verification is disabled,
package verification needs to have succeeded before removal of any old
software. With package verification enabled, on the current version of
slapt-get I notice slapt-get removes old software and empty directories
before doing package verification of the newly downloaded package.
Sooner or later someone with a flakey connection or malware thrown into a
package will have a problem with this if it's not changed.
Jason Woodward
2010-11-23 04:30:31 UTC
Permalink
Hi Jude,
Post by Jude DaShiell
When downloading any package unless package verification is disabled,
package verification needs to have succeeded before removal of any old
software. With package verification enabled, on the current version of
slapt-get I notice slapt-get removes old software and empty directories
before doing package verification of the newly downloaded package.
Sooner or later someone with a flakey connection or malware thrown into a
package will have a problem with this if it's not changed.
I'm not sure I follow. Prior to anything getting installed, removed, etc
each package is downloaded and the md5sum is verified. What verification
are you referring to?


take care,
jason
--
Jason Woodward
<woodwardj at jaos.org>
Jude DaShiell
2010-11-23 05:21:58 UTC
Permalink
I'm talking about the order of messages that speak on the screen as
slapt-get is run. I did not save a script session of slapt-get operation
this time but will do so on slackware's next update. My normal order of
operations is first to run slapt-get -u and then to run slapt-get
--upgrade. It's the upgrade step that has me troubled. If verification
is done prior to any removals, then for whatever reason those messages are
Post by Jason Woodward
Hi Jude,
Post by Jude DaShiell
When downloading any package unless package verification is disabled,
package verification needs to have succeeded before removal of any old
software. With package verification enabled, on the current version of
slapt-get I notice slapt-get removes old software and empty directories
before doing package verification of the newly downloaded package.
Sooner or later someone with a flakey connection or malware thrown into a
package will have a problem with this if it's not changed.
I'm not sure I follow. Prior to anything getting installed, removed, etc
each package is downloaded and the md5sum is verified. What verification
are you referring to?
take care,
jason
--
Jason Woodward
<woodwardj at jaos.org>
Loading...