Bug#913913: security.debian.org: bullseye security updates may be silently skipped on systems using apt pinning

Sun, 07 Jul 2019 04:45:48 -0700 

On Sun, 7 Jul 2019 09:30:13 +0200 Piotr Engelking <inkerma...@gmail.com> wrote:
> Package: security.debian.org
> Severity: normal
> Tags: security
> 
> With the release of buster, testing security updates switched from
> Suite: testing to Suite: testing-security. This silently breaks
> security updates on systems using apt pinning to elevate the priority
> of testing packages.
> 
> Also, bug #913913 makes this already non-obvious configuration problem
> even harder for users to discover and to correctly fix.
> 
> Please consider reverting this change.

Hello,
I am another user hit by this issue:


  # cat /etc/apt/sources.list
  deb http://deb.debian.org/debian testing main
  deb http://deb.debian.org/debian unstable main
  
  deb http://deb.debian.org/debian-security testing-security main
  # cat /etc/apt/preferences
  Package: *
  Pin: release o=Debian,a=testing
  Pin-Priority: 800
  # apt update
  Hit:1 http://deb.debian.org/debian testing InRelease
  Hit:2 http://deb.debian.org/debian unstable InRelease
  Hit:3 http://deb.debian.org/debian-security testing-security InRelease
  Reading package lists... Done
  Building dependency tree       
  Reading state information... Done
  All packages are up to date.
  # apt policy 
  Package files:
   100 /var/lib/dpkg/status
       release a=now
   500 http://deb.debian.org/debian unstable/main amd64 Packages
       release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=amd64
       origin deb.debian.org
   800 http://deb.debian.org/debian testing/main amd64 Packages
       release o=Debian,a=testing,n=bullseye,l=Debian,c=main,b=amd64
       origin deb.debian.org
  Pinned packages:


Now, I would like to debug my Pin-Priority setup (see also bug
[#931524]), but "apt policy" says nothing about the Pin-Priority assigned to
"deb http://deb.debian.org/debian-security testing-security main"!

How can I check what Pin-Priority apt assigns to a repository which
does not yet include any packages?
How can I look at what values it sees for the "o", "a", "n", "l", "c",
and "b" fields of such a repository?

I need to do so, *before* some packages become available with the
*wrong* Pin-Priority!


Please let "apt policy" also show empty sources along with their
Pin-Priority and field values.
Or, otherwise, please implement a command-line option to get this
additional output.

Thanks for your time and dedication!
Bye.



[#931524]: <https://bugs.debian.org/931524>

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpf_GbnXzOiZ.pgp
Description: PGP signature

Reply via email to