Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?
Hi Paul,
On Fri, Jul 21, 2023 at 10:17:28AM +0800, Paul Wise wrote:
> On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote:
>
> > It seems packages from the debian-security repository are not affected by
> > this increased priority and will not get intalled as a result.
>
> This was documented in the release notes for Debian bullseye:
>
> https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
Now that you mention it I remember reading this and getting quite
irritated. Probably why I forgot about it.
Do you have any references on how this decision came to be?
> I have updated a few wiki pages that mention APT::Default-Release too.
>
> https://wiki.debian.org/DebianUnstable?action=diff&rev1=144&rev2=145
> https://wiki.debian.org/DebianEdu/Status/Bullseye?action=diff&rev1=107&rev2=108
> https://wiki.debian.org/Wajig?action=diff&rev1=20&rev2=21
> https://wiki.debian.org/FunambolInstallation?action=diff&rev1=9&rev2=10
>
> If there is other documentation of APT::Default-Release that should get
> updated, please let us know so that we can fix it.
One mention I found is in Raphaël and Roland's DAH (now in CC):
https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade
The places I'm most concerned about, people's brains and random web sites,
aren't so easily fixed unfortunately. Advice to set this is splattered all
over the web, I really don't understand why we made a change so seemingly
ill advised as this?
A web search for "Debian Default-Release security" didn't reveal anything
talking about this problem, especially not our release notes, so I think
this change didn't get the publicity it deserves at the very least.
What I don't understand is why the security repo codename wasn't changed to
$codename/security? Wouldn't that be handled correctly by APT? Unless the
/update string in particular had special handling?
Thanks,
--Daniel
Reply to: