Re: dash pulled on stable when APT::Default-Release is used
Michael S. Gilbert wrote:
>> Am Mittwoch, den 29.07.2009, 02:25 +0200 schrieb Vincent Danjean:
>>> Since a few days, on a stable machine (with stable, testing and
>>> unstable sources for apt but APT::Default-Release set to "stable"),
>>> "apt-get dist-upgrade" wants to install dash.
>>> Can someone explain me why ? Is it due to the fact that dash is
>>> essential in unstable ?
> i think the real issue here is that getting dash pushed onto your stable
> system is a somewhat unwelcome surprise (not that it is necessarily
> harmful). it will certainly cause some concern for certain
> security-conscious users since it is not coming from a point release or
> DSA update, which may lead to paranoia of malicious activity.
You need to have unstable sources in apt for this to occur. A plain
stable (lenny) system will not see that. It is not really a concern for
me (the lenny dash that is pulled does not change /bin/sh by default
and dash is not a big package).
I was just wondering if this behavior was a feature or a bug. And it
was also a surprise for me.
> perhaps an announcement should be made to state that this action is
> expected and ok.
Vincent Danjean GPG key ID 0x9D025E87 email@example.com
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial pacakges: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main