Public bug reported: I executed following in terminal
$ sudo apt update && sudo apt dist-upgrade and received following mess: Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done Get more security updates through Ubuntu Pro with 'esm-apps' enabled: vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58 libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56 imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6 vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58 libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7 Learn more about Ubuntu Pro at https://ubuntu.com/pro # # An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1: # CVE-2023-2650: possible DoS translating ASN.1 object identifiers. # Ensure you have updated the package to its latest version. # The following packages have been kept back: gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng The following packages will be upgraded: alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1 libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools 44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 11 standard LTS security updates Need to get 136 MB of archives. After this operation, 30,7 kB of additional disk space will be used. Do you want to continue? [Y/n] This has two big problems: (1) Ubuntu Pro ad cannot be disabled which causes lots of extra clutter on the output which will result in *training people to skip reading* the output of dist-upgdade. This is obviously a big problem and to "fix" that problem, new "important" message has been prefixed with "# " to make it more visible. If this trend continues, I'm sure next message will have "##### ***** NOTICE THIS IMPORTANT MESSAGE!!#"!"!!! *****" to make people notice the important part. Command line administrative tools should be about real stuff, not a shouting contest over ads. If you truly think ads should be enforced, keep it to the login message only. (2) The new message is unneeded crap about unspecified openssl package *that I already have installed*! I found this by googling the warning message and finding page https://ubuntu.com/security/CVE-2023-2650 which clearly tells me that jammy has this bug fixed in package openssl version 3.0.2-0ubuntu1.10. If you think that the message about CVE-2023-2650 is important enough to be displayed even if the package has already been installed ("tell friends about this"), then very minimum should be explicitly saying the package name and minimum version with the fix. Only having text "the package" doesn't cut. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: apt 2.4.9 ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17 Uname: Linux 5.19.0-1027-lowlatency x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: MATE Date: Thu Jul 13 13:04:19 2023 InstallationDate: Installed on 2022-03-25 (475 days ago) InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223) RebootRequiredPkgs: Error: path contained symlinks. SourcePackage: apt UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago) ** Affects: apt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/2027674 Title: apt dist-upgrade shows crap messages (really poor user experience) Status in apt package in Ubuntu: New Bug description: I executed following in terminal $ sudo apt update && sudo apt dist-upgrade and received following mess: Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done Get more security updates through Ubuntu Pro with 'esm-apps' enabled: vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58 libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56 imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6 vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58 libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7 Learn more about Ubuntu Pro at https://ubuntu.com/pro # # An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1: # CVE-2023-2650: possible DoS translating ASN.1 object identifiers. # Ensure you have updated the package to its latest version. # The following packages have been kept back: gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng The following packages will be upgraded: alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1 libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools 44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 11 standard LTS security updates Need to get 136 MB of archives. After this operation, 30,7 kB of additional disk space will be used. Do you want to continue? [Y/n] This has two big problems: (1) Ubuntu Pro ad cannot be disabled which causes lots of extra clutter on the output which will result in *training people to skip reading* the output of dist-upgdade. This is obviously a big problem and to "fix" that problem, new "important" message has been prefixed with "# " to make it more visible. If this trend continues, I'm sure next message will have "##### ***** NOTICE THIS IMPORTANT MESSAGE!!#"!"!!! *****" to make people notice the important part. Command line administrative tools should be about real stuff, not a shouting contest over ads. If you truly think ads should be enforced, keep it to the login message only. (2) The new message is unneeded crap about unspecified openssl package *that I already have installed*! I found this by googling the warning message and finding page https://ubuntu.com/security/CVE-2023-2650 which clearly tells me that jammy has this bug fixed in package openssl version 3.0.2-0ubuntu1.10. If you think that the message about CVE-2023-2650 is important enough to be displayed even if the package has already been installed ("tell friends about this"), then very minimum should be explicitly saying the package name and minimum version with the fix. Only having text "the package" doesn't cut. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: apt 2.4.9 ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17 Uname: Linux 5.19.0-1027-lowlatency x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: MATE Date: Thu Jul 13 13:04:19 2023 InstallationDate: Installed on 2022-03-25 (475 days ago) InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223) RebootRequiredPkgs: Error: path contained symlinks. SourcePackage: apt UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2027674/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp