
Bug#992051: marked as done (security archive layout change needs more configuration changes)



Your message dated Tue, 10 Aug 2021 16:47:07 +0200
with message-id <735ceba2-abd1-e08d-42c9-4a1a785244c1@debian.org>
and subject line Re: Bug#992051: security archive layout change needs more configuration changes
has caused the Debian Bug report #992051,
regarding security archive layout change needs more configuration changes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
992051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992051
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes

Hi,

I just sent this message to the security team, the release notes need
adapting.

Paul

-------- Forwarded Message --------
Subject: security archive layout change warrants announcement
Date: Tue, 10 Aug 2021 07:44:07 +0200
From: Paul Gevers <elbrus@debian.org>
To: Debian Security Team <team@security.debian.org>

Hi security team,

I don't know if you already planned on an announcement after the
bullseye release about the security archive layout change, but below I
urge you to think about it.

Yesterday I noticed that the layout change of the security impacts more
than just the apt *sources* as my system wasn't updating perl,
libencode-perl and exiv2. I already enabled the new security archive
layout a long time ago (and apt will complain when the sources are not
found). I discussed the issue on IRC on #d-release with juliank (apt
upstream). What users *need* to be aware of is that apt pinning (pabs
told me) and APT::Default-Release (found myself) may need adjustments
too, otherwise security updates are not installed.

I'm working on text for the release notes, but I fear a lot of users
will not be reading those and when they upgrade their secure buster
systems and only fix their apt sources, depending on how they configure
their system to follow bullseye, they may easily miss out on security
updates.

I therefore recommend you to send out a security announcement too after
the bullseye release (or whatever you feel is most appropriate)
explaining the layout change and the configuration impact.

Paul
PS: yesterday I learned that APT::Default-Release also supports "POSIX
fnmatch patterns or regular expressions inside /" On suggestion by
juliank I now have this APT::Default-Release myself (which worked for me):
APT::Default-Release "/^bullseye(|-security|-upgrades)$/";





--- End Message ---
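
Added example, not part of the original thread and not apt's own code: a shell check of which release names a given APT::Default-Release value selects, covering the plain/fnmatch form and the /regex/ form mentioned in the PS above. It assumes the value is compared against the whole release name and approximates apt's matching with the shell's `case` patterns and `grep -E`; the function names and the sample name list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not apt's code: approximates how an APT::Default-Release
# value selects release names, for the two forms quoted in the message.

# release_matches VALUE NAME: exit status 0 if VALUE selects NAME.
release_matches() {
    rm_value=$1
    rm_name=$2
    case $rm_value in
        /?*/)
            # Regular-expression form: drop the enclosing slashes and
            # match as a POSIX extended regular expression.
            rm_re=${rm_value#/}
            rm_re=${rm_re%/}
            printf '%s\n' "$rm_name" | grep -Eq -e "$rm_re"
            ;;
        *)
            # Plain name or fnmatch-style pattern: the unquoted expansion
            # is treated as a pattern by `case`.
            case $rm_name in
                $rm_value) return 0 ;;
                *) return 1 ;;
            esac
            ;;
    esac
}

# covered_releases VALUE NAME...: print the names that VALUE selects.
covered_releases() {
    cr_value=$1
    shift
    cr_out=
    for cr_name in "$@"; do
        if release_matches "$cr_value" "$cr_name"; then
            cr_out="${cr_out:+$cr_out }$cr_name"
        fi
    done
    printf '%s\n' "$cr_out"
}

# Constructed sample: the two release names the message is concerned with.
covered_releases 'bullseye' bullseye bullseye-security
covered_releases '/^bullseye(|-security|-upgrades)$/' bullseye bullseye-security
```

A value that leaves the security release out of the printed list is the situation the message warns about: the sources are correct, yet security updates are not selected.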
--- Begin Message ---
Hi,

On 10-08-2021 15:10, Justin B Rye wrote:
> Paul Gevers wrote:
>> Do you agree with the attached patch?
> 
> Yes, looks good to me!

Pushed.

Paul



--- End Message ---
