Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-22 Thread Hannes von Haugwitz
On Sat, Jul 22, 2023 at 03:56:02PM +0800, Paul Wise wrote:
> You will have to ask the apt developers and archive admins about this,
> but at the end of the day reverting it is unlikely to happen, so
> probably it is something everyone will just have to learn to live with.

What about adding a warning to apt if *-security or *-updates is
configured in the sources list and `APT::Default-Release` is set but
does not match the security or updates repo?

Best regards

Hannes
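
The check proposed in the message above, sketched as an added example; it is not part of the thread and not apt's own code. It assumes one-line-style sources.list entries and compares the suite name written there with the `APT::Default-Release` value, whereas apt itself matches against fields of each repository's Release file. The sample sources, the sample values and all function names are constructed for illustration.

```python
import re

# Constructed sample input: a one-line-style sources.list for bookworm.
SAMPLE_SOURCES = """\
deb http://deb.debian.org/debian bookworm main
deb http://deb.debian.org/debian bookworm-updates main
deb http://security.debian.org/debian-security bookworm-security main
# deb http://deb.debian.org/debian bookworm-backports main
"""

def parse_suites(sources_text):
    """Return the suite field of every active deb/deb-src line."""
    suites = []
    for line in sources_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in ("deb", "deb-src"):
            continue
        rest = fields[1:]
        # Skip an optional [option=value ...] block before the URI.
        if rest and rest[0].startswith("["):
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
            rest = rest[1:]
        if len(rest) >= 2:
            suites.append(rest[1])  # rest[0] is the URI, rest[1] the suite
    return suites

def release_matches(default_release, suite):
    """Plain values must match exactly; /.../ values are treated as a regex."""
    v = default_release
    if len(v) > 2 and v.startswith("/") and v.endswith("/"):
        return re.search(v[1:-1], suite) is not None
    return v == suite

def unmatched_pockets(default_release, sources_text):
    """Configured *-security / *-updates suites that Default-Release misses."""
    if not default_release:
        return []  # option unset: nothing to warn about
    return [s for s in parse_suites(sources_text)
            if s.endswith(("-security", "-updates"))
            and not release_matches(default_release, s)]

if __name__ == "__main__":
    # Constructed values: a plain codename, and a regex of the kind the
    # thread refers to when it says "the regex will still match".
    for value in ("bookworm", "/^bookworm(|-security|-updates)$/"):
        for suite in unmatched_pockets(value, SAMPLE_SOURCES):
            print(f"W: APT::Default-Release {value!r} does not match {suite}")
```
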



Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-22 Thread Daniel Gröber
Hi Paul,

On Sat, Jul 22, 2023 at 03:56:02PM +0800, Paul Wise wrote:
> > One mention I found is in Raphaël and Roland's DAH (now in CC):
> > https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade
> 
> Probably better to file a bug about this, so it is tracked.

Ah, I didn't realise debian-handbook has a package in the archive :)

Done, Bug#1041706: debian-handbook: Wrong advice on APT::Default-Release
preventing security updates.

> > What I don't understand is why the security repo codename wasn't changed to
> > $codename/security? Wouldn't that be handled correctly by APT? Unless the
> > /update string in particular had special handling?
> 
> You will have to ask the apt developers and archive admins about this,
> but at the end of the day reverting it is unlikely to happen, so
> probably it is something everyone will just have to learn to live with.

I've had a quick look at the apt code now and indeed it seems to handle
$codename/$whatever as equivalent to $codename, see metaIndex::CheckDist.

I don't see why we couldn't revert this change. Anybody who's applied the
hack from the bullseye release-notes will be unaffected as the regex will
still match a plain code/suite-name but people who never applied this
advice will get their security updates back.

I've sent a bug to apt as well, just about the doc references for now:
Bug#1041708: apt: Manpages have wrong advice on APT::Default-Release
preventing security updates.

Who do I contact about the archive aspects? FTP-master or the
security-team? The security-team is in CC on the doc bugs so I'm hoping
they will see it anyway.

Thanks,
--Daniel



Re: Upcoming stable point release (12.1)

2023-07-22 Thread Jonathan Wiltshire
On Wed, Jun 28, 2023 at 08:24:31PM +0100, Jonathan Wiltshire wrote:
> The first point release for "bookworm" (12.1) is scheduled for Saturday,
> July 22nd. Processing of new uploads into bookworm-proposed-updates will be
> frozen during the preceding weekend.

The archive side of the point release has now finished, and packages
should start appearing on mirrors shortly.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1





Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-22 Thread Paul Wise
On Fri, 2023-07-21 at 11:04 +0200, Daniel Gröber wrote:

> Do you have any references on how this decision came to be?

I think it was about making the suite naming more intuitive, consistent
with other suites and possibly also some dak implementation concerns.

> One mention I found is in Raphaël and Roland's DAH (now in CC):
> https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade

Probably better to file a bug about this, so it is tracked.

> The places I'm most concerned about, people's brains and random web sites,
> aren't so easily fixed unfortunately. Advice to set this is splattered all
> over the web, I really don't understand why we made a change so seemingly
> ill advised as this?
> 
> A web search for "Debian Default-Release security" didn't reveal anything
> talking about this problem, especially not our release notes, so I think
> this change didn't get the publicity it deserves at the very least.
> 
> What I don't understand is why the security repo codename wasn't changed to
> $codename/security? Wouldn't that be handled correctly by APT? Unless the
> /update string in particular had special handling?

You will have to ask the apt developers and archive admins about this,
but at the end of the day reverting it is unlikely to happen, so
probably it is something everyone will just have to learn to live with.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

