Re: apt 0.6 in experimental

To: debian-devel@lists.debian.org
Cc: 203741@bugs.debian.org
Subject: Re: apt 0.6 in experimental
From: Matt Zimmerman <mdz@debian.org>
Date: Sun, 28 Dec 2003 14:28:18 -0800
Message-id: <[🔎] 20031228222818.GX17472@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org, 203741@bugs.debian.org
In-reply-to: <[🔎] 20031228211822.GT17472@alcor.net>
References: <[🔎] 20031226234444.GN17472@alcor.net> <[🔎] 20031227164756.GC7060@kitenet.net> <[🔎] 20031227204642.GW17472@alcor.net> <[🔎] 20031228172627.GA18792@kitenet.net> <[🔎] 20031228183247.GA20300@kitenet.net> <[🔎] 20031228211822.GT17472@alcor.net>

On Sun, Dec 28, 2003 at 01:18:22PM -0800, Matt Zimmerman wrote:

> On Sun, Dec 28, 2003 at 01:32:47PM -0500, Joey Hess wrote:
> 
> > With apt 0.6.1, I have this in sources.list:
> > 
> > deb http://http.us.debian.org/debian/ ../project/experimental main contrib non-free
> > 
> > I thought that apt was supposed to auto-pin experimental to not upgrade
> > to packages in it automatically. However:
> > 
> > joey@dragon:~>apt-cache policy diff
> > diff:
> >   Installed: 2.8.1-6
> >   Candidate: 2.8.4-0.0
> >   Version Table:
> >      2.8.4-0.0 0
> >         500 http://http.us.debian.org ../project/experimental/main Packages
> >  *** 2.8.1-6 0
> >         500 http://http.us.debian.org unstable/main Packages
> >         100 /var/lib/dpkg/status
> > 
> > And indeed it wants to download diff and several other packages from
> > experimental. I downgraded to apt 0.5.17, and it behaves the same. Am I
> > wrong about the default experimental pinning?
> 
> OK, I can reproduce this.  The problem is that it is looking for
> experimental/binary-$(ARCH)/main/Release (which isn't downloaded) rather
> than experimental/Release (which is).  This might require some changes, but
> is fixable.

So here's the deal.

apt 0.5 downloads dists/<dist>/<section>/<binary,source>/Release for use in
policy calculations.  apt 0.6 does not download that file at all, and
downloads dists/<dist>/Release for use in authentication.  However, 0.6
still tries to read dists/<dist>/<section>/<binary,source>/Release, which
has not been downloaded.

This could be fixed one of two ways:

1. Use dists/<dist>/Release for both purposes (authentication and pinning).
This is trivial, and works fine for the Debian archive (dists/<dist>/Release
is more or less a superset of
dists/<dist>/<section>/<binary,source>/Release), but could have unknown
effects for third-party repositories which provide per-section Release
files.

2. Continue to download them all.  This requires some further changes to the
apt-secure code.

Personally, I find the distinction between these two types of Release files
to be confusing, and would prefer (1) as it is much simpler.  However, I
don't know whether there is a rationale for why things were done as they
were for apt-secure, and whether the top-level Release file is intended to
replace the others.

Suggestions?

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>

References:
- apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: apt 0.6 in experimental
Next by Date: Re: apt 0.6 in experimental
Previous by thread: Re: apt 0.6 in experimental
Next by thread: Re: apt 0.6 in experimental
Index(es):
- Date
- Thread