Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
On Mon, Jul 8, 2019 at 11:41:55 +0200, Julian Andres Klode wrote:
> On Mon, Jul 08, 2019 at 10:17:27AM +0200, Julien Cristau wrote:
> > Control: severity -1 serious
> >
> > On Mon, Jul 08, 2019 at 09:11:48AM +0200, Christoph Berg wrote:
> > > Control: tags -1 buster sid
> > >
> > > Re: To Debian Bug Tracking System 2019-07-07 <[🔎] 20190707183910.GA22754@msg.df7cb.de>
> > > > Please consider setting Acquire::AllowReleaseInfoChange::Suite "true";
> > >
> > > Fwiw, I think this needs fixing in buster, not just in unstable.
> > >
> > Agree. The user experience from this is horrible.
>
> We'll figure out what to do. That said, let's not rush things,
> we've got until the next release to figure out what to do and
> fix it (a fix does not help anyone affected by the change right
> now anyway).
>
> We likely do not want to allow arbitrary changes of Suite. One
> option is to introduce a new field that specifies that the Suite
> field will change to something else soon, and a field to indicate
> release notes for that change.
>
> These are important security and safety features we don't just want
> to kill because they are inconvenient. (The big reason this was
> introduced is that if you allow this to change, you can just serve
> someone an "old" oldstable repository (that still says stable) instead
> of stable, and thus starve the clients from updates).
>
How does the current behaviour fix that? If you replay an old repo the
user is still starved from updates (how could they not be, anyway). But
in addition now users using a legitimate repo are *also* starved from
updates, so everyone loses?
Cheers,
Julien
Reply to: