Bug#707002: unattended-upgrades shouldn't install packages from a newer Debian release with the default configuration

2013-05-16 Thread Michael Vogt
On Mon, May 06, 2013 at 11:05:57PM +0400, Evgeny Kapun wrote:
> Package: unattended-upgrades
> Version: 0.80~exp2

Thanks for your bug report.

> With the default configuration file package selection will be done based on
> Suite, not Codename:
>
> /etc/apt/apt.conf.d/50unattended-upgrades:
> ...
> Unattended-Upgrade::Origins-Pattern {
> ...
> origin=Debian,archive=stable,label=Debian-Security;
> };
> ...
>
> This means that, after a new Debian release migrates to stable,
> unattended-upgrades will happily install packages from that new release.
> Security updates are intended to not break anything, but only if the update
> is for the same Debian release. I think the default configuration should
> contain something like this instead:
>
> ...
> origin=Debian,codename=${distro_codename},label=Debian-Security;
> ...
>
> This way, only updates for the current release will be installed, and the
> administrator wouldn't need to edit the configuration file each time a new
> Debian version is released.

Indeed, a good point. Fixed in bzr and it will be part of the next
upload.

Cheers,
 Michael



2013-05-06 Thread Evgeny Kapun
Package: unattended-upgrades
Version: 0.80~exp2

With the default configuration file package selection will be done based on 
Suite, not Codename:

/etc/apt/apt.conf.d/50unattended-upgrades:
...
Unattended-Upgrade::Origins-Pattern {
...
origin=Debian,archive=stable,label=Debian-Security;
};
...

This means that, after a new Debian release migrates to stable, 
unattended-upgrades will happily install packages from that new release. 
Security updates are intended to not break anything, but only if the update is 
for the same Debian release. I think the default configuration should contain 
something like this instead:

...
origin=Debian,codename=${distro_codename},label=Debian-Security;
...

This way, only updates for the current release will be installed, and the 
administrator wouldn't need to edit the configuration file each time a new 
Debian version is released.
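
The difference between the two patterns in this report, as an added example that is not part of the thread and not unattended-upgrades' own code: a simplified model of Origins-Pattern matching run over constructed Release metadata from before and after a release transition. The codenames `alpha` and `beta`, the sample records and all function names are assumptions made for illustration.

```python
from fnmatch import fnmatch
from string import Template

# Pattern keys mapped to Release-file fields (simplified model, assumption).
KEYS = {"o": "origin", "origin": "origin", "l": "label", "label": "label",
        "a": "archive", "archive": "archive", "suite": "archive",
        "n": "codename", "codename": "codename"}

SUITE_PATTERN = "origin=Debian,archive=stable,label=Debian-Security;"
CODENAME_PATTERN = "origin=Debian,codename=${distro_codename},label=Debian-Security;"

def parse_pattern(pattern, distro_codename):
    """Expand ${distro_codename} and split 'k=v,k=v;' into a field dict."""
    expanded = Template(pattern).substitute(distro_codename=distro_codename)
    fields = {}
    for part in expanded.strip().rstrip(";").split(","):
        key, _, value = part.partition("=")
        fields[KEYS[key.strip()]] = value.strip()
    return fields

def matches(pattern, release, distro_codename):
    """True when every field in the pattern glob-matches the Release metadata."""
    wanted = parse_pattern(pattern, distro_codename)
    return all(fnmatch(release.get(f, ""), glob) for f, glob in wanted.items())

def allowed_sources(pattern, releases, distro_codename):
    """Codenames of the archives this pattern would accept upgrades from."""
    return [r["codename"] for r in releases
            if matches(pattern, r, distro_codename)]

def security(archive, codename):
    """Constructed Release metadata for a security archive."""
    return {"origin": "Debian", "label": "Debian-Security",
            "archive": archive, "codename": codename}

# Constructed sample: the host was installed with release "alpha".
BEFORE = [security("stable", "alpha"), security("testing", "beta")]
# After "beta" is released, the Suite names move; the Codenames do not.
AFTER = [security("oldstable", "alpha"), security("stable", "beta")]

if __name__ == "__main__":
    for name, pattern in (("suite", SUITE_PATTERN), ("codename", CODENAME_PATTERN)):
        print(name, "before:", allowed_sources(pattern, BEFORE, "alpha"),
              "after:", allowed_sources(pattern, AFTER, "alpha"))
```
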

