Re: non-stable packages infestation
On Sun, Apr 26, 2015 at 2:22 AM, Teresa e Junior
<teresaejunior@gmail.com> wrote:
> On Sat, 25 Apr 2015 19:16:24 -0400, Kynn Jones wrote:
>>
>> On Sat, Apr 25, 2015 at 6:39 PM, Teresa e Junior
>> <teresaejunior@gmail.com> wrote:
>>>
>>> On Sat, 25 Apr 2015 17:35:29 -0400, Kynn Jones wrote:
>>>>
>>>> $ apt-cache policy sudo
>>>> sudo:
>>>> Installed: 1.8.5p2-1+nmu2
>>>> Candidate: 1.8.5p2-1+nmu2
>>>> Version table:
>>>> *** 1.8.5p2-1+nmu2 0
>>>> 100 /var/lib/dpkg/status
>>>> 1.8.5p2-1+nmu1 0
>>>> 500 http://debian.csail.mit.edu/debian/ stable/main amd64
>>>> Packages
>>>> 500 http://ftp.us.debian.org/debian/ stable/main amd64
>>>> Packages
>>>
>>>
>>> If you disable a repository, its packages will appear as if they were
>>> locally installed (/var/lib/dpkg/status).
>>
>>
>> Thanks, that's good to know. I did disable a repo I'd used for
>> backports, but replaced with another (I was not being able to connect
>> reliably to the first one).
>
> Backports may be related too, but your sudo example is from wheezy security,
> see https://packages.debian.org/search?keywords=sudo
I see your point, and I must confess I'm a bit puzzled.
My policy is to always have security.debian.org enabled in my
sources.list, so I'm at a loss to explain how the `apt-cache policy`
output I posted happened. The evidence you point to, though, is
pretty clear, so I stand corrected.
Thanks, BTW, for showing me another way to find out where an installed
package comes from. Recently I've had quite a few situations in which
that bit of know-how would have been handy, but it didn't occur to me.
>> I'm considering going back to apt, even though most of the advice I've
>> read on apt vs aptitude leans in favor of the latter. After this
>> experience, I've lost trust in aptitude.
> Probably old advice, apt is the most recommended nowadays.
Good to know.
Thanks for all your help!
kj
Reply to: