Re: dash pulled on stable when APT::Default-Release is used
On Wed, 29 Jul 2009 19:20:02 +0200, Vincent Danjean wrote:
> Michael S. Gilbert wrote:
> >> Am Mittwoch, den 29.07.2009, 02:25 +0200 schrieb Vincent Danjean:
> >>> Hi,
> >>>
> >>> Since a few days, on a stable machine (with stable, testing and
> >>> unstable sources for apt but APT::Default-Release set to "stable"),
> >>> "apt-get dist-upgrade" wants to install dash.
> >>> Can someone explain me why ? Is it due to the fact that dash is
> >>> essential in unstable ?
>
> > i think the real issue here is that getting dash pushed onto your stable
> > system is a somewhat unwelcome surprise (not that it is necessarily
> > harmful). it will certainly cause some concern for certain
> > security-conscious users since it is not coming from a point release or
> > DSA update, which may lead to paranoia of malicious activity.
>
> You need to have unstable sources in apt for this to occur. A plain
> stable (lenny) system will not see that. It is not really a concern for
> me (the lenny dash that is pulled does not change /bin/sh by default
> and dash is not a big package).
> I was just wondering if this behavior was a feature or a bug. And it
> was also a surprise for me.
it is a bug in the sense that stable's behavior is being unduly
influenced by unstable's "essential packages" list. i would suggest
submitting a report to the bts so the problem can be tracked and
eliminated in future releases.
mike
Reply to: