Re: Some myths regarding apt pinning

On Fri, Jan 24, 2003 at 02:59:17PM +0100, Adrian Bunk wrote:
> From a security point of view woody + libc6 from unstable is worse than 
> any other possibility. Consider there's another security bug in libc6. 
> The fixed version for stable has a lower version number than the version 
> on your system and you won't get the update.

If I am not mistaken, it is possible to avoid this 
worst case scenario by appropriately setting up apt's
preferences.  Suppose I set the priorities of distributions
as follows
    stable 900
    testing 800
    unstable 700
and, starting with a woody system, upgrade a single package
foo to version vvv from unstable
    apt-get -t unstable install foo
which pulls in unstable libc6.  Later when I do
    apt-get dist-upgrade
apt will upgrade most packages from stable but will 
upgrade foo from unstable, or from testing if version vvv
has made it into testing; and likewise libc6.

Thomas Hood <jdthood0@yahoo.co.uk>
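
The pin priorities from this message, run through a simplified model of the selection rules documented in apt_preferences(5). This is an added example, not part of the original post and not apt's own code; the version tuples and the 1001 pin in the last case are constructed assumptions.

```python
# Added illustration: a simplified model of apt's candidate selection as
# documented in apt_preferences(5). Not apt's code; versions are int tuples.
PINS = {"stable": 900, "testing": 800, "unstable": 700}  # from the message
INSTALLED_PRIORITY = 100  # priority apt gives the installed version


def candidate(installed, available, pins=PINS):
    """Return (version, origin) of the version apt would select.

    installed -- version tuple of the installed package, or None
    available -- list of (version tuple, release name) from the archives
    """
    best = {}  # version -> (highest priority seen, origin)
    for ver, rel in available:
        if ver not in best or pins[rel] > best[ver][0]:
            best[ver] = (pins[rel], rel)
    if installed is not None and installed not in best:
        best[installed] = (INSTALLED_PRIORITY, "installed")
    # Older than installed is a downgrade: only considered at priority >= 1000.
    eligible = {v: p for v, p in best.items()
                if installed is None or v >= installed or p[0] >= 1000}
    # Highest priority wins; ties go to the most recent version.
    ver = max(eligible, key=lambda v: (eligible[v][0], v))
    return ver, eligible[ver][1]


# Constructed libc6 versions (not real Debian version strings).
STABLE_FIX = (2, 2, 5, 12)      # security update published for stable
UNSTABLE_OLD = (2, 3, 1, 10)    # pulled in by "apt-get -t unstable install foo"
UNSTABLE_NEW = (2, 3, 1, 11)    # later upload to unstable

if __name__ == "__main__":
    archive = [(STABLE_FIX, "stable"), (UNSTABLE_NEW, "unstable")]
    print("libc6 from unstable:", candidate(UNSTABLE_OLD, archive))
    print("libc6 still at stable:", candidate((2, 2, 5, 11), archive))
    strict = dict(PINS, stable=1001)
    print("stable pinned at 1001:", candidate(UNSTABLE_OLD, archive, strict))
```

`apt-cache policy libc6` prints the real priority table and the selected candidate on a live system.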
