Package: gnome-packagekit Version: 3.4.2-2 Severity: serious Tags: security Justification: gpk-update-viewer does not update package index so falsely says is up to date - security issue.
Dear Maintainer, Having installed debian wheezy rc-1, I was expecting to be notified of updates, or even automatically install them, through gpk-prefs, as my settings were to have it check and automatically install all updates every day. However, I did not get any for a couple of days, and so I clicked "check now" on gpk-prefs and it ran gpk-update-viewer, which told me that my software was up to date. However, it wasn't up to date. I ran apt-get update in the terminal, and then gpk-update-viewer again, and it then did have updates, which I could apply. What I would have expected to happen would be that gpk-update-viewer would resynchronise the package index files when it was run, or at least make it obvious that this hadn't been done and that I should do this. The package index files should definitely be updated hourly/daily/weekly (depending on gpk- prefs), when the updates are checked for. I have put this down as a security issue, as most people probably assume that they will be either notified of (security) updates, or that they will automatically receive them (especially given the settings in gpk-prefs), and that if they go onto update-viewer and are told that all software is up to date they don't need to worry about security updates, but their system won't be up to date. This will mean that people will have avoidable security holes in their system. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnome-packagekit depends on: ii dconf-gsettings-backend [gsettings-backend] 0.12.1-3 ii gnome-packagekit-data 3.4.2-2 ii gnome-settings-daemon 3.4.2+git20121218.7c1322-2 ii libatk1.0-0 2.4.0-2 ii libc6 2.13-38 ii libcairo-gobject2 1.12.2-3 ii libcairo2 1.12.2-3 ii libcanberra-gtk3-0 0.28-6 ii libcanberra0 0.28-6 ii libdbus-1-3 1.6.8-1 ii libdbus-glib-1-2 0.100.1-1 ii libfontconfig1 2.9.0-7.1 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libgtk-3-0 3.4.2-6 ii libnotify4 0.7.5-1 ii libpackagekit-glib2-14 0.7.6-3 ii libpango1.0-0 1.30.0-1 ii libsqlite3-0 3.7.13-1 ii libupower-glib1 0.9.17-1 ii libx11-6 2:1.5.0-1 ii packagekit 0.7.6-3 gnome-packagekit recommends no packages. gnome-packagekit suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org