On Mi, 10 apr 19, 15:40:13, Pierre Fourès wrote: > > I did the test and all went as expected. I got ecryptfs-utils being > installed with the four of its dependencies. One of them, keyutils, is > in 1.5.9-9 in stretch and 1.6.6 in buster. As expected, apt installed > the one from buster. After the install, I then had precisely the same > packages installed in the same versions as what it was before > ecryptfs-utils was removed from buster. This kind of satisfy my « > simple and easy » solution requirement.
Your solution (mix stretch with buster) is pretty safe. Just for your peace of mind, you could provide additional hints to APT like setting Default-Release to "buster". > I just have one minor consideration about this. It was about adding > stretch-security on top of it. In the case ecryptfs would be updated, > I would like to take this upgrade. But I'm not sure this would play > well regarding other packages being in the same version number between > stretch and buster. Version numbers in release-security are specifically chosen to "play nice" with version numbers in release+1 (otherwise full/dist-upgrades wouldn't work), so updating from stretch-security should be safe, even more so with the Default-Release setting proposed above. As an additional safeguard you could also use pinning to tell APT that you only want encryptfs (and dependencies) from stretch (priority 100), and pin the rest of stretch to a lower priority (e.g. 1). One other possibility that I didn't see mentioned in this thread would be to make a forward port to buster of the stretch encryptfs package in case buster diverges too much from stretch and makes it uninstallable. Considering that buster is in deep freeze the probability for this to happen is quite low though. Hope this helps, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
signature.asc
Description: PGP signature
