Package: apt
Version: 2.2.2
Severity: minor

Hi,

when doing apt update, InRelease files seem to be downloaded and upgraded in place. While this happens, the file's owner/mode changes from root:root 644 to _apt:root 640 and back after a few seconds. A simultaneously running aide (https://tracker.debian.org/pkg/aide) process might pick this up and put it in a report. This has actually happened (I have a black thumb for software).

While the file is still identical after the download, triggering this behavior is somewhat unlikely, but I would still prefer if apt downloaded InRelease files to a temporary file name and then renamed the new file in place iff the new contents differ from the old one (keeping even the inode number the same in the 'did not change' case).

I did a few tests and have only found this behavior for InRelease files. But of course, I'd love to have this behavior for all files that apt downloads and keeps around during its operation.

This is by no means something that needs to be fixed before the bullseye release.

Thanks for your consideration!

Greetings
Marc

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.11.10-zgws1 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.118
ii  debian-archive-keyring  2021.1.1
ii  gpgv                    2.2.27-1
ii  libapt-pkg6.0           2.2.2
ii  libc6                   2.31-10
ii  libgcc-s1               10.2.1-6
ii  libgnutls30             3.7.1-1
ii  libseccomp2             2.5.1-1
ii  libstdc++6              10.2.1-6
ii  libsystemd0             247.3-3

Versions of packages apt recommends:
ii  ca-certificates  20210119

Versions of packages apt suggests:
ii  apt-doc         2.2.2
ii  aptitude        0.8.13-3
ii  dpkg-dev        1.20.7.1
ii  gnupg           2.2.27-1
ii  gnupg2          2.2.27-1
ii  powermgmt-base  1.36

-- no debconf information
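
Added example, not part of the original report and not apt's own code: a Python illustration of the update scheme requested above, where new data goes to a temporary file in the same directory and replaces the target only if the contents differ, so an integrity checker never sees a transient owner/mode on the target. The names install_if_changed and snapshot are hypothetical, and the sample file contents in any call are constructed.

```python
import filecmp
import os
import tempfile


def snapshot(path):
    """Metadata an integrity checker such as aide typically records."""
    st = os.stat(path)
    return (st.st_ino, st.st_mode & 0o7777, st.st_uid, st.st_gid, st.st_mtime_ns)


def install_if_changed(target, new_bytes, mode=0o644):
    """Install new_bytes at target only when the contents differ.

    Returns True if target was replaced, False if it was left untouched.
    """
    directory = os.path.dirname(os.path.abspath(target))
    # Same directory as the target: rename() stays on one filesystem,
    # so the switch to the new file is atomic.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(new_bytes)
            fh.flush()
            os.fsync(fh.fileno())
        if os.path.exists(target) and filecmp.cmp(tmp, target, shallow=False):
            # Unchanged: inode, owner, mode and mtime of target all stay.
            return False
        # Final metadata is applied to the temporary file before it becomes
        # visible under the target name. Assumption: a tool running as root
        # would also set the final owner here with os.chown().
        os.chmod(tmp, mode)
        os.replace(tmp, target)
        tmp = None
        return True
    finally:
        if tmp is not None:
            os.unlink(tmp)  # drop the temporary file if it was not installed
```

In the unchanged case only the temporary file is created and removed, so monitoring rules that cover the target file itself see no difference; rules that watch the directory's own mtime would still notice the temporary entry.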