
Re: RFC: raising ca-certificates package Priority to standard or important



Hi Antonio,

On Thu, Jan 21, 2021 at 02:47:25PM -0300, Antonio Terceiro wrote:
> On Thu, Jan 21, 2021 at 03:10:47PM +0100, Julien Cristau wrote:
> > And which of standard or important made most sense (AIUI, standard
> > means "installed by default in d-i" and important means "installed by
> > default in debootstrap").
> 
> wget is already Priority: standard and recommends ca-certificates, so it
> seems to me that making it standard would be a noop in practice for most
> of the systems installed by d-i.
> 
> On the other hand, all cases that I remember seeing a problem caused by
> missing ca-certificates was in systems not installed by d-i, such as
> containers, vm images, etc. Based on that, I would make it important.

Here's my thinking on this:
I would expect "standard" to get installed on "general purpose" VM
images, and "important" *not* to get installed on "minimal" container or
VM images.  Looking at the docker debian image build script just now[1],
it seems to pull in required packages + iproute2 and ping, so it has its
own selection that doesn't include "important" priority.  So changing
the severity, by itself, won't change anything unless we go all the way
to "required" which feels like it'd be going too far (but then I also
don't think apt should be "required").
If there are specific examples where you think "important" would help
I'd be interested; right now I'm sort of favouring "standard" as good
enough.

[1] https://github.com/debuerreotype/debuerreotype/blob/master/examples/debian.sh

Cheers,
Julien

