Public bug reported:

I executed the following in a terminal:

    $ sudo apt update && sudo apt dist-upgrade

and received the following mess:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
  vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc
  imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java
  libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy
  libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58
  libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56
  imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6
  vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter
  libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58
  libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7
Learn more about Ubuntu Pro at https://ubuntu.com/pro
#
# An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
# CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
# Ensure you have updated the package to its latest version.
#
The following packages have been kept back:
  gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng
The following packages will be upgraded:
  alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell
  gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1
  libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients
  libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd
  libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird
  thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools
44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
11 standard LTS security updates
Need to get 136 MB of archives.
After this operation, 30,7 kB of additional disk space will be used.
Do you want to continue? [Y/n]


This has two big problems:

(1) The Ubuntu Pro ad cannot be disabled, which causes lots of extra clutter
on the output, which will result in *training people to skip reading* the
output of dist-upgrade. This is obviously a big problem and to "fix"
that problem, a new "important" message has been prefixed with "# " to
make it more visible. If this trend continues, I'm sure the next message
will have "##### ***** NOTICE THIS IMPORTANT MESSAGE!!#"!"!!! *****" to
make people notice the important part. Command line administrative tools
should be about real stuff, not a shouting contest over ads. If you
truly think ads should be enforced, keep it to the login message only.

(2) The new message is unneeded crap about an unspecified openssl package
*that I already have installed*! I found this by googling the warning
message and finding the page https://ubuntu.com/security/CVE-2023-2650 which
clearly tells me that jammy has this bug fixed in package openssl
version 3.0.2-0ubuntu1.10.


If you think that the message about CVE-2023-2650 is important enough to be
displayed even if the package has already been installed ("tell friends about
this"), then the very minimum should be explicitly saying the package name and
the minimum version with the fix. Only having the text "the package" doesn't cut it.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: apt 2.4.9
ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17
Uname: Linux 5.19.0-1027-lowlatency x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: MATE
Date: Thu Jul 13 13:04:19 2023
InstallationDate: Installed on 2022-03-25 (475 days ago)
InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: apt
UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago)

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2027674

Title:
  apt dist-upgrade shows crap messages (really poor user experience)

Status in apt package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2027674/+subscriptions

