[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some myths regarding apt pinning

On Sam, 2003-01-25 at 13:25, Thomas Hood wrote:
> On Fri, Jan 24, 2003 at 02:59:17PM +0100, Adrian Bunk wrote:
> > From a security point of view woody + libc6 from unstable is worse than 
> > any other possibility. Consider there's another security bug in libc6. 
> > The fixed version for stable has a lower version number than the version 
> > on your system and you won't get the update.

> apt will upgrade most packages from stable but will 
> upgrade foo from unstable, or from testing if version vvv
> has made it into testing; and likewise libc6.

That's exactly the problem Adrian points out: libc6 from unstable might
not contain the fix yet, and libc6 from testing will very probably not
contain the fix. libc6 from woody would, but you'll not get this
upgrade. And downgrading libc6 is a bit risky, and you'll be forced to
uninstall all unstable/testing software if you install the libc6 from

But, as I argued in my previous mail, if you are aware of these
consequences and are prepared to deal with it, then apt pinning is
something really good.

(oh, and: you probably should use dist-upgrade normally. Just use
upgrade. dist-upgrade should only be used if you really do a dist
upgrade, potato->woody or so).

-- vbi

featured link: http://fortytwo.ch/smtp

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: