On 01.12.22 10:03, Paul Wise wrote:
On Fri, 2022-11-25 at 12:46 +0100, Bastian Venthur wrote:On 21.11.22 00:18, Paul Wise wrote:anacron might be disabled if 2.3-33 was ever installed[...] I'm having trouble assessing the severity of the situation. Is more or less everyone affected who uses unstable? If yes, how do we mitigate?Every system with task-laptop, parl-desktop, ipmiutil or octavia-agent will have anacron. There are also recommends from task-desktop, cinnamon-core, email-reminder. The other reverse deps are alternatives. The problematic anacron version was in unstable from 2022-07-13 to 2022-09-04 and in testing from 2022-07-20 to 2022-09-05, as that is ~1.5 months, probably most unstable/testing anacron installs are affected, since they probably did an upgrade during that time. https://tracker.debian.org/pkg/anacron
Thanks for the analysis!
Don't think the majority of users reads the announcement mails.The maintainer has stated that they don't intend any further actions, so I thought it important that the issue be announced more widely.
Good call, thank you!
So this was also announced via debian-user and micronews, but I suspect you are right that not all unstable/testing users will hear about it.
I agree. I'd go even further and assume not even the majority of users follows these channels so most of them are likely to be affected.
I wonder if there's an easy fix here, like a new version of anacron that adds a check for this particular issue, offering to fix it during upgrade of the package.
Cheers, Bastian -- Dr. Bastian Venthur https://venthur.de Debian Developer venthur at debian org