Hi Owen,

On 20/08/15 17:37, Lamar Owen wrote:
> On 08/20/2015 10:24 AM, Paul Millar wrote:
>>
>> The /usr/lib/rpm/redhat/macros file is supplied by the
>> redhat-rpm-config RPM, that the security update pulled in:
>>
>> [root@sisyphus ~]# rpm -qf /usr/lib/rpm/redhat/macros
>> redhat-rpm-config-9.0.3-44.sl6.noarch
> Paul,
>
> Thanks for the detail.  Can you verify on 6.6 (or previous) that
> installing the 6.6 (non-patched) version of redhat-rpm-config also
> causes the defaults to be SL-5 incompatible?

AFAIK, before the patch-level 44 releases, there was no 
redhat-rpm-config in SL-6.


> There are several relevant
> bugzillas for the redhat-rpm-config 'security' update, but probably the
> most relevant one is 1122100 ( direct link
> https://bugzilla.redhat.com/show_bug.cgi?id=1122100 ).  This is upstream
> of SL, and apparently it is intentional, and so you'll need to file a
> bugzilla with redhat (or continue use the workaround you already found).

I can carry on with the work-around I found.

However, I found this "security upgrade" to be rather badly handled (by 
RedHat).

Specifically, I find it bad that the default hash and default 
compression changed in a patch-level release from a security update. 
Such changes should come with major releases.

The problem is that earlier versions of dCache don't have explicitly 
configured hash and compression values in their spec files.  This means 
that I now cannot rebuild earlier tagged dCache versions and get the 
same RPMs.

Do you know where and how I should report this?

Cheers,

Paul.