Excuse the interruption, but I am trying to figure out who to bugzilla this against...
This morning, shortly after logging in, three packages were installed onto my machine without my knowledge/desire/permission.
The packages in question are: createrepo, anaconda-yum-plugins, and preupgrade.
This happened on a "fresh F10 install" from DVD done back on 28-Nov. It has been subsequently updated by hand (yum update) and had the rpmfusion and livna repos added to it. But little else has been "configured" from defaults, in fact, I checked under System-Preferences-System-Software Updates which has been set to the following (since it was my first time in there): Check for updates: Daily Automatic install: Nothing Check for major upgrades: Weekly Both Display notifications are checked/on
So, what caused these three packages to be installed? And, apparently I am not alone since others have chimed in on fedora-list.
So, whodunnit? :-)
--Rob
On Fri, 2008-12-05 at 13:46 -0500, Robert Locke wrote:
So, whodunnit? :-)
PackageKit did it... helpfully...? It won't in the future.
On Fri, 2008-12-05 at 11:19 -0800, Jesse Keating wrote:
On Fri, 2008-12-05 at 13:46 -0500, Robert Locke wrote:
So, whodunnit? :-)
PackageKit did it... helpfully...? It won't in the future.
Two follow-on questions:
1) Was it configured somewhere? Couldn't see anything in /etc/PackageKit/
2) So, I don't need to Bugzilla this obvious invasion, since we won't do that to machines again? <big grin>
Thanks,
--Rob
On Fri, 2008-12-05 at 14:28 -0500, Robert Locke wrote:
Two follow-on questions:
- Was it configured somewhere? Couldn't see anything
in /etc/PackageKit/
I don't know. PK did it so that it would know what options were available for upgrades so that it could offer you the ability to upgrade. We've moved that information to a public webserver rather than being in the preupgrade package so that PK can get this information without stealth installing packages.
- So, I don't need to Bugzilla this obvious invasion, since we won't do
that to machines again? <big grin>
Well, I don't think there are any current guidelines that would have caught this, but it does fall into the "don't do that" category. It just wasn't noticed by many people until recentlyish.
2008/12/5 Jesse Keating jkeating@redhat.com:
On Fri, 2008-12-05 at 13:46 -0500, Robert Locke wrote:
So, whodunnit? :-)
PackageKit did it... helpfully...? It won't in the future.
Can we have that in writing or a least a dialogbox ...
...dex
dexter wrote:
2008/12/5 Jesse Keating jkeating@redhat.com:
On Fri, 2008-12-05 at 13:46 -0500, Robert Locke wrote:
So, whodunnit? :-)
PackageKit did it... helpfully...? It won't in the future.
Can we have that in writing or a least a dialogbox ...
What would you want the dialog box to say?
Rahul
2008/12/5 Rahul Sundaram sundaram@fedoraproject.org:
dexter wrote:
2008/12/5 Jesse Keating jkeating@redhat.com:
On Fri, 2008-12-05 at 13:46 -0500, Robert Locke wrote:
So, whodunnit? :-)
PackageKit did it... helpfully...? It won't in the future.
Can we have that in writing or a least a dialogbox ...
What would you want the dialog box to say?
As I don't use this Kit I'll never see it, but along the lines of 'is it ok to install x.y.z to enable auto-updates [y|n]' followed by a 'always do this | dont ask again'. The important keyword here is opt-in!
...dex
On Sat, 2008-12-06 at 02:49 +0000, dexter wrote:
As I don't use this Kit I'll never see it, but along the lines of 'is it ok to install x.y.z to enable auto-updates [y|n]' followed by a 'always do this | dont ask again'. The important keyword here is opt-in!
Well that wasn't what the package was installed for. It was installed so that PackageKit could have the appropriate information to check if there were distro level upgrades (say 9 to 10) available for you. The upstream has been asked to please not install any software in Fedora without a users consent, so hopefully this scenario won't happen again, at least not with PackageKit.
On Fri, 2008-12-05 at 21:53 -0800, Jesse Keating wrote:
On Sat, 2008-12-06 at 02:49 +0000, dexter wrote:
As I don't use this Kit I'll never see it, but along the lines of 'is it ok to install x.y.z to enable auto-updates [y|n]' followed by a 'always do this | dont ask again'. The important keyword here is opt-in!
Well that wasn't what the package was installed for. It was installed so that PackageKit could have the appropriate information to check if there were distro level upgrades (say 9 to 10) available for you. The upstream has been asked to please not install any software in Fedora without a users consent, so hopefully this scenario won't happen again, at least not with PackageKit.
I think, in this case, it would have made more sense to have added a new Pre-Req to an update of PackageKit, since it was not defined in the initial package of F10. I would have probably happily agreed to have those three packages brought along for the ride at my next "yum update".... What was disconcerting to me is when the settings for the PackageKit tool say: "Automatic install: Nothing".
It's great when folks don't even pay attention to their own settings.... <evil grin>
Thanks Jesse for clarifying with upstream,
--Rob
-
dexter -
Jesse Keating -
Rahul Sundaram -
Robert Locke