On Sun, May 05, 2019 at 05:05:11PM +0200, Ingo Schwarze wrote:

Consus wrote on Fri, May 03, 2019 at 02:24:10PM +0300:

Maybe it's a good idea to note this on the upgrade page? Something like
"the upgrade procedure may leave some files behing; you can manually
clean them up using sysclean package"?


For example, it is definitely useful to remove stale Perl libraries.
It is also useful for stale header files if you compile software
from source.  It is useful (but not terribly important) for stale
manual pages.  It is usually detrimental for old versions of shared
libraries, unless you are *really* short on disk space (which is getting
less common nowadays) *and* you are very careful.

For most use cases, we do not recommend using sysclean.

I think there's a less common scenario not covered in this thread.
Suppose you have locally-compiled binaries, linked to previous versions
of libraries, belonging to an older version of the OS.  Those libs will
never get patched after you upgrade, so any vulnerabilities they expose
will remain exploitable in the binaries linked to them.

Reply via email to