Re: [SECURITY] [DSA 4371-1] apt security update

To: Emilio Pozuelo Monfort <pochu@debian.org>
Cc: Ben Hutchings <ben@decadent.org.uk>, Debian LTS <debian-lts@lists.debian.org>, Chris Lamb <lamby@debian.org>
Subject: Re: [SECURITY] [DSA 4371-1] apt security update
From: Steve McIntyre <steve@einval.com>
Date: Mon, 28 Jan 2019 00:26:54 +0000
Message-id: <[🔎] 20190128002654.e6irpaft45voz2gy@tack.einval.com>
In-reply-to: <[🔎] 20190127183329.ll2upcm4edj2kfmq@tack.einval.com>
References: <5c4709d6.a00a0.26cab9c7@scapa.corsac.net> <[🔎] 9d114f145f547867968ffcd10b781a785488a613.camel@decadent.org.uk> <[🔎] 20190122135026.vmdjrhuznr7oipl5@tack.einval.com> <[🔎] f2977f17-fe22-c9ba-6ebf-70a2d21c68fc@debian.org> <[🔎] 20190127183329.ll2upcm4edj2kfmq@tack.einval.com>

On Sun, Jan 27, 2019 at 06:33:29PM +0000, Steve McIntyre wrote:
>On Thu, Jan 24, 2019 at 12:39:29PM +0100, Emilio Pozuelo Monfort wrote:
>>
>>Just to clarify: there is no separate -lts suite anymore, so it'd
>>just need to pull from security (which still needs changes as you
>>mentioned).
>>
>>Can you give a pointer to the code where this is done? Perhaps we
>>can help with the necessary code changes if you would welcome that.
>
>There are a few places where debian-cd references the mirror, suite,
>etc. which is a bit awkward here. Thinking about this, the *easiest*
>way to do this would be to use the existing "local" support which can
>pull in a local repo of changed .debs and .udebs on top of the base
>Debian repo access. Simply setting up a local repo with the apt
>packages in wouldn't be too hard here, and would solve the initial
>installation problem. However, it might confuse people a little, and
>I'll admit it might look ugly too.
>
>I'll give it a try now...

And that worked on the first attempt. Using this approach, I've done
jessie builds of the various LTS arches using casulana, the normal CD
build machine. Resulting test output at

  http://cdimage.debian.org/cdimage/.jessie_release/debian-cd/

if you'd like to have a look. I've tested the amd64 netinst with no
network connection (to ensure no updates from elsewhere), and it
happily installed the right version of apt (1.0.9.8.5) seamlessly.

If you're happy with this, let me know and I'll spin a new version
ready for release (version 8.11.1, I guess?).

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
There's no sensation to compare with this
Suspended animation, A state of bliss

Reply to:

References:
- Re: [SECURITY] [DSA 4371-1] apt security update
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: [SECURITY] [DSA 4371-1] apt security update
  - From: Steve McIntyre <steve@einval.com>
- Re: [SECURITY] [DSA 4371-1] apt security update
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: [SECURITY] [DSA 4371-1] apt security update
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: [SECURITY] [DSA 4371-1] apt security update
Next by Date: Re: Review and testing phpmyadmin for Jessie LTS
Previous by thread: Re: [SECURITY] [DSA 4371-1] apt security update
Next by thread: Re: [SECURITY] [DSA 4371-1] apt security update
Index(es):
- Date
- Thread