[pca] Wrong patches downloaded

Martin Paul martin at par.univie.ac.at
Mon Dec 15 10:58:17 CET 2008 

Ron,

Sorry for the delay ..

> As you can see, they are for Solaris 2.6 and 7. not Solaris 8. How did 
> this happen?

Mike already explained how this can happen; it's wrong or incomplete 
information in the patchdiag.xref file which causes this. It's actually 
wrong (by Sun) to use the same package on all versions of Solaris, but 
later produce different patches, one for each Solaris release. If the 
package is the same, the same patch could be used as well.

Anyway - in such a case I add a workaround for the affected patches to 
pca so that these patches are handled correctly. I've done that for 
those you showed (and at the same time I've checked and corrected all 
"Sun Management Center" patches). Please get the "develop" version of 
pca from http://www.par.univie.ac.at/solaris/pca/installation.html and 
let me know if it works correctly now.

> In order to use my pca wrapper scripts in production, I must prove to
 > management that pca is "perfect". I believe I can convince my boss that
> this is so, but I would like to know the cause.

Look for perfection in any piece of software which is more complicated 
than "Hello, world!" will be an interesting task :)

The explanation for pca's behaviour is simple. When looking for patches 
which (might) apply to a system pca always chooses a safe approach of 
better listing a patch that doesn't apply (false positive) than not 
listing a patch which might apply (false negative).

False positives are easy to handle - when trying to install them, 
patchadd will fail. You can then report the problem to me, I'll add a 
workaround to pca and the issue is fixed not only for you but for *all* 
users of pca.

A false negative is a thing which IMHO must not happen with any patch 
tool. It means that a patch which is needed for a system is not shown to 
you, so you never find out that a problem hasn't been fixed if you trust 
the tool. This was one the main issues why I didn't rely in Sun's tools 
anymore and wrote my own. I've done multiple comparisons of pca vs. 
smpatch in the past, and always found false negatives in smpatch. I 
heard that it got better recently, but when trust is gone, it's gone and 
hard to regain.

So what you *can* tell to your boss is not that it's perfect, but that 
it's safe and if a problem shows up, it gets fixed immediately.

Hope that helps,

Martin.

More information about the pca mailing list