Re: Stable repository ambiguous?
On Mon, Aug 27, 2007 at 01:37:04PM +0200, Roland Stigge wrote:
> Steve Langasek wrote:
> > I don't see any evidence of this old package version on
> > security.debian.org. There's something strange in the user's apt-cache
> > policy, though; where are the priority lines for each of the
> > configured apt sources? Definitely looks like local breakage to me.
> > Anyway, "apt-cache policy dia" would at least tell where the broken
> > version of dia is coming from.
> Testing it myself, I added
> deb http://security.debian.org/ etch/updates main contrib non-free
> to /etc/apt/sources.list
> # apt-cache policy dia
> Installed: 0.96.1-4
> Candidate: 0.96.1-4
> Version table:
> *** 0.96.1-4 0
> 100 /var/lib/dpkg/status
> 0.96.1-3 0
> 500 file: sid/main Packages
> 0.95.0-4.1+b1 0
> 500 http://ftp.de.debian.org etch/main Packages
> 0.94.0-17.1etch1 0
> 500 http://security.debian.org etch/updates/main Packages
> Is this enough evidence? Further, it is listed as the "Stable Security
> Updates" version at http://packages.qa.debian.org/d/dia.html although
> lower version than the stable (0.95.0-4.1) one.
Ok, this is architecture-specific breakage; this doesn't affect amd64, but
it does affect some other architectures such as i386 and powerpc. (On
amd64, I see dia-common, which is arch: all, but not dia itself.)
Anyway, you'll need to take this up with the security team, there's nothing
the release team can do to fix broken packages being made available from
security.d.o. As for the user's original problem, he probably has a new
version of dia-libs installed that apt is refusing to downgrade? "apt-get
install dia dia-libs" might make the problem clearer.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.