Re: 3.0r2 or hacked packages?

[Santiago Vila <sanvila@unex.es>]

On Sun, 23 Nov 2003, Lupe Christoph wrote:

> Last night my apt-get update ... oicked up a number of unexpected
> packages:
>
> The following packages will be upgraded
>   bsdutils console-data debianutils mount nano procmail procps util-linux util-linux-locales zlib1g zlib1g-dev
> 11 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.
> Need to get 2743kB of archives. After unpacking 96.3kB will be used.
> Get:1 http://ftp.de.debian.org stable/main bsdutils 1:2.11n-7 [39.5kB]
> Get:2 http://ftp.de.debian.org stable/main debianutils 1.16.2woody1 [32.9kB]
> Get:3 http://ftp.de.debian.org stable/main mount 2.11n-7 [99.3kB]
> Get:4 http://ftp.de.debian.org stable/main util-linux 2.11n-7 [330kB]
> Get:5 http://ftp.de.debian.org stable/main console-data 1999.08.29-24.2 [869kB]
> Get:6 http://ftp.de.debian.org stable/main nano 1.0.6-3 [184kB]
> Get:7 http://ftp.de.debian.org stable/main procps 1:2.0.7-8.woody1 [145kB]
> Get:8 http://ftp.de.debian.org stable/main procmail 3.22-5 [136kB]
> Get:9 http://ftp.de.debian.org stable/main zlib1g-dev 1:1.1.4-1.0woody0 [218kB]
> Get:10 http://ftp.de.debian.org stable/main zlib1g 1:1.1.4-1.0woody0 [44.1kB]
> Get:11 http://ftp.de.debian.org stable/main util-linux-locales 2.11n-7 [646kB]
>
> The packages are not from stable/updates but from stable/main. I'm
> wondering if one of the people who cracked the servers managed to
> smuggle something "interesting" into the archives.
>
> Or is this just 3.0r2-to-be?
>
> I'm always worried when I see updates for stable without an
> announcement.
>
> Please enlighten me. ;-)

Debian 3.0r2 is made from security updates at security.debian.org
plus some important bugfixes from "proposed-updates" at ftp.debian.org.

There are not DSA announcements for the latter but they are announced
in debian-changes.