Bug 428822

Summary: Zypp vendor change: ask once per session
Product: [openSUSE] openSUSE Tumbleweed Reporter: Pascal Bleser <pascal.bleser>
Component: libzyppAssignee: E-mail List <zypp-maintainers>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Enhancement    
Priority: P3 - Medium CC: bzeller, dmacvicar, lmedinas, simonf.lees
Version: Current   
Target Milestone: Current   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Pascal Bleser 2008-09-22 21:53:29 UTC 
While the vendor change protection feature of zypp is interesting in certain situations, it is a pain when users want to explicitly upgrade packages from another, untrusted repository.
Typical use case is Packman: in order to install newer or uncrippled builds of packages that ship with openSUSE (e.g. xine, tunepimp), users get a "conflict" screen that pokes them whether they want to perform the vendor change (as one of the "conflict resolution" option) for every single package.

It would be more convenient to also offer an option to accept all vendor changes to that particular vendor for a "transaction" (a set of packages to install).
That way, if someone does a "zypper in libxine1 amarok-packman" she'd only have to acknowledge doing the vendor change from openSUSE to Packman once (during that session of yast or zypper).
Comment 1 Duncan Mac-Vicar 2008-11-04 09:50:23 UTC 
Interesting feature.
Comment 2 Simon Lees 2017-08-11 07:30:09 UTC 
Moving to tumbleweed, feel free to close if its no longer relevent
Comment 3 Michael Andres 2017-08-15 16:03:34 UTC 
Common approach is to use 'zypper dup --allow-vendor-change --from REPO'.
But we could also offer it for any install command too.
Comment 4 Benjamin Zeller 2018-07-23 13:33:54 UTC 
https://github.com/openSUSE/zypper/pull/191
Comment 5 Benjamin Zeller 2018-07-24 11:55:05 UTC 
Will be fixed in zypper version >=  1.14.8
Comment 8 Swamp Workflow Management 2018-09-11 19:12:35 UTC 
SUSE-SU-2018:2690-1: An update that solves two vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1036304,1041178,1043166,1045735,1058515,1066215,1070770,1070851,1082318,1084525,1088037,1088705,1091624,1092413,1093103,1096217,1096617,1096803,1099847,1100028,1100095,1100427,1101349,1102019,1102429,408814,428822,907538
CVE References: CVE-2017-9269,CVE-2018-7685
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    libsolv-0.6.35-3.5.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    libsolv-0.6.35-3.5.2, libzypp-17.6.4-3.10.1, zypper-1.14.10-3.7.1
Comment 9 Swamp Workflow Management 2018-09-17 10:12:25 UTC 
openSUSE-SU-2018:2739-1: An update that solves two vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1036304,1041178,1043166,1045735,1058515,1066215,1070770,1070851,1082318,1084525,1088037,1088705,1091624,1092413,1093103,1096217,1096617,1096803,1099847,1100028,1100095,1100427,1101349,1102019,1102429,408814,428822,907538
CVE References: CVE-2017-9269,CVE-2018-7685
Sources used:
openSUSE Leap 15.0 (src):    libsolv-0.6.35-lp150.2.3.1, libzypp-17.6.4-lp150.2.3.1, zypper-1.14.10-lp150.2.3.1
Comment 10 Maintenance Automation 2023-05-18 16:30:02 UTC 
SUSE-RU-2023:2249-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1203248, 1203249, 1208329, 428822
Sources used:
SUSE OpenStack Cloud 9 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE OpenStack Cloud Crowbar 9 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libzypp-16.22.7-48.2
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise Server 12 SP5 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): zypper-1.13.64-21.55.2, libzypp-16.22.7-48.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2023-05-18 16:30:11 UTC 
SUSE-RU-2023:2246-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1203248, 1203249, 1208329, 428822
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): libzypp-16.22.7-27.97.2, zypper-1.13.64-18.68.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.