Ron, Sorry for the delay ..
As you can see, they are for Solaris 2.6 and 7. not Solaris 8. How did this happen?
Mike already explained how this can happen; it's wrong or incomplete information in the patchdiag.xref file which causes this. It's actually wrong (by Sun) to use the same package on all versions of Solaris, but later produce different patches, one for each Solaris release. If the package is the same, the same patch could be used as well.
Anyway - in such a case I add a workaround for the affected patches to pca so that these patches are handled correctly. I've done that for those you showed (and at the same time I've checked and corrected all "Sun Management Center" patches). Please get the "develop" version of pca from http://www.par.univie.ac.at/solaris/pca/installation.html and let me know if it works correctly now.
In order to use my pca wrapper scripts in production, I must prove to
> management that pca is "perfect". I believe I can convince my boss that
this is so, but I would like to know the cause.
Look for perfection in any piece of software which is more complicated than "Hello, world!" will be an interesting task :)
The explanation for pca's behaviour is simple. When looking for patches which (might) apply to a system pca always chooses a safe approach of better listing a patch that doesn't apply (false positive) than not listing a patch which might apply (false negative).
False positives are easy to handle - when trying to install them, patchadd will fail. You can then report the problem to me, I'll add a workaround to pca and the issue is fixed not only for you but for *all* users of pca.
A false negative is a thing which IMHO must not happen with any patch tool. It means that a patch which is needed for a system is not shown to you, so you never find out that a problem hasn't been fixed if you trust the tool. This was one the main issues why I didn't rely in Sun's tools anymore and wrote my own. I've done multiple comparisons of pca vs. smpatch in the past, and always found false negatives in smpatch. I heard that it got better recently, but when trust is gone, it's gone and hard to regain.
So what you *can* tell to your boss is not that it's perfect, but that it's safe and if a problem shows up, it gets fixed immediately.
Hope that helps, Martin.
