Preventing dependency breakage – Part II
My previous post has generated a bunch of discussions and I think it is worthwhile highlighting what I believe is the way to mitigate this and answer some of the concerns. I am using a FAQ form for this:
Who is responsible for the dependency problems?
The individual package maintainers are responsible for the packages they maintain and release engineering, QA team and others share the burden on finding a good solution to the overall problem. To be fair to package maintainers (I am one of them), maintaining three or four different branches (Fedora 13 – 10 at this point) for multiple architectures is not easy. A lot of maintainers do maintain more than one package and this means that we cannot expect the individual maintainers to do a perfect job. It is currently very easy to break the repository by a unintentional push as has happened over and over again including very recently.
What about a security update that breaks some dependencies. Isn’t fixing the security hole more important?
Not really. Yum’s current default behavior is to bail out if there are multiple updates and some of them have dependency issues. If you truely want users to benefit, fix the dependency issues before pushing the update. No exceptions.
Is anyone finding a solution?
Indeed. The AutoQA project from the Fedora QA team has been busy at work and one of the things would be to check for dependencies automatically. This should help us avoid pushing updates with dependency issues.
So just sit tight?
You can be patient or contribute to the AutoQA project but I think the short term way to mitigate this problem is by setting the skip-broken=1 option in /etc/yum.conf.
Interesting. What does that do?
It skips the packages that has dependency problems and updates the rest. You can either do yum update –skip-broken or set it permanently in /etc/yum.conf.
Sounds wonderful. Why are we not taking advantage of this already?
We are… to some extend. PackageKit already set this value in the yum backend it is using and users who use PackageKit (via one of its frontends) should not be seeing as many dependency breakages.
A lot of users however continue to use yum on the command line and these include non-power users on the desktop. Ideally, the graphical interfaces would solve all the desktop users needs and we don’t have to worry about command line users much but we are not there yet.
Why didn’t yum have this option set by default before? What are the downsides?
When skip-broken was first introduced it didn’t help skip many of the dependency problems. Over a period of time it has improved considerably. It is not perfect yet since there are a bunch of issues that you cannot easily detect beforehand. For example, file conflicts between packages across multiple repositories including third party ones. However setting it by default would help things considerably.
Another concern is that setting the skip-broken option by default would mask the dependency issues and users wouldn’t realize they are missing out potentially important updates. They wouldn’t report bugs and hence maintainers wouldn’t fix them soon. This was a valid point of view and one that I agreed with but yum in later revisions does list all the packages that are being skipped due to dependency issues if you use the skip-broken option.
What about system administrators who want to be informed of the dependency problems? How would they be aware of it?
If a sys admin is managing multiple systems, a test system can be used. There are tools to check the repository state and updates can be pushed directly using management tools like Spacewalk.
How will maintainers be aware?
In many cases, they get automated emails informing them of the problem already. However if you run across dependency issues in the Fedora repository, please take a moment to report them so that maintainers are aware.
Why don’t you just document this option and be done with it?
That is already done but it doesn’t help much. Most users don’t read documentation. I have spend a lot of time on documentation, far more so than your average Fedora contributor and my experience is that users don’t read documentation much, if at all. The only reason I did contribute is because it is easier to document and point users to the link rather than repeat myself all the time.
If the software can be tweaked to provide a better out of the box experience, that is always going to be a far more superior solution than documenting workarounds.
Should yum set skip-broken by default now?
I believe so, yes. It is the decision of yum developers however and if they disagree that this should be the default, it would be good to understand why.
Meanwhile, I recommend users set this value and continue to report dependency issues. I will update this FAQ if there are more unanswered questions on this topic.