Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Yast selecting packages on its own

  1. #1

    Default Yast selecting packages on its own

    I'm not talking about YaST auto-resolving dependencies for me or the auto-updater checking for patches... sometimes, when I start up the Software Management portion of YaST, there will be a package or two marked for installation. Today, for example, it wants ksshaskpass. This is 11.2 64-bit. (I know I'm bucking the trend of 11.3 questions, but I'm hoping you can overlook that.)

    Is this behavior expected? I don't think I ever noticed it prior to 11.2. Has anyone else noticed this weirdness?

  2. #2
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,734
    Blog Entries
    20

    Default Re: Yast selecting packages on its own

    This does happen from time to time.
    I generally go with it...
    Leap 15.1_KDE
    My Articles Was I any help? If yes: Click the star below

  3. #3

    Default Re: Yast selecting packages on its own

    Glad to know it's not just me, but that kind of behavior from a program that runs with root privilege really makes me antsy. Who knows what unwanted packages I've overlooked and installed along with my selected packages. Anyone know what the cause is? Couldn't this be a real security issue?

  4. #4
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,734
    Blog Entries
    20

    Default Re: Yast selecting packages on its own

    Couldn't this be a real security issue?
    Not if you are the admin and know your sources.
    Leap 15.1_KDE
    My Articles Was I any help? If yes: Click the star below

  5. #5
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,454

    Default Re: Yast selecting packages on its own

    This is perfectly normal behaviour if you use the Live-CDs and then go to Software Management before Online Update; anything which would be a recommended update in Online update appears in Software Management.

  6. #6

    Default Re: Yast selecting packages on its own

    Caf4926: That assumes that only malware can compromise your security. Any additional package is an additional potential security bug, any unwanted package could lead to a misconfiguration or the enabling of an unexpected service. I trust my sources, but I wouldn't let them administer my workstation blindly.

    john_hudson: That's good to know, but doesn't apply in this situation. This is an installed system, and the packages are ones that don't show up in online update.

  7. #7
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,734
    Blog Entries
    20

    Default Re: Yast selecting packages on its own

    Quote Originally Posted by novelgazer View Post
    Caf4926: That assumes that only malware can compromise your security. Any additional package is an additional potential security bug, any unwanted package could lead to a misconfiguration or the enabling of an unexpected service. I trust my sources, but I wouldn't let them administer my workstation blindly.

    john_hudson: That's good to know, but doesn't apply in this situation. This is an installed system, and the packages are ones that don't show up in online update.
    ....................really
    Leap 15.1_KDE
    My Articles Was I any help? If yes: Click the star below

  8. #8

    Default Re: Yast selecting packages on its own

    I realize it sounds paranoid, but most computer security involves cultivating a well-informed sense of paranoia. Think of it this way -- you trust the people who maintain your repositories. But would you trust me to select some packages from those repositories and install them on your workstation without telling you? Maybe I'd pick something innocuous, maybe I'd pick a server, maybe I'd pick a slightly out of date package with some known bugs, or a piece of software it is illegal to possess in your home country. The point is, you don't know what I picked, or even that I did it.

    Since I don't know the mechanism of this bug, and no one has volunteered one, I am essentially in the situation of having a stranger secretly install packages to my workstation.

    Admittedly, I can check for auto-selected stuff every time I run the package management software, but who knows how long this went on before I realized, and how do I know it's not happening when I run an auto-update?

  9. #9
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,769

    Default Re: Yast selecting packages on its own

    If you run auto-update you get what is feed to you. If you are really concerned about security and this bothers you never run auto-update.

    As said if you install from a CD you do not get the "full" Opensuse package. You should install these recommender packages. But it is up to you simply mark them not to be installed. You can always install them when you find out you really did need them.

  10. #10

    Default Re: Yast selecting packages on its own

    Thanks for the info gogalthorp, but I believe you are misreading the situation. Just to clarify:

    1. I installed from DVD.
    2. Sometimes when I run Software Management, _before_ I select packages to install, there are packages already selected.
    3. These packages are not dependencies of the software I have installed or am about to install.
    4. These packages are not updates. That is, they do not appear in the auto-update widget or in the system update utility in YaST.

    Does this describe the same situation you are talking about?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •