Re: Question on CVE-2017-5754 on Debian 8.9
On 2018-01-25 09:31:27 -0500, Greg Wooledge wrote:
> On Thu, Jan 25, 2018 at 03:24:21PM +0100, Vincent Lefevre wrote:
> > On 2018-01-24 11:19:36 -0500, Greg Wooledge wrote:
> > > To use a package from experimental, you must download it directly, and
> > > install it directly. You don't use apt or its cousins, unless it's
> > > to backfill dependencies (apt-get -f install) from your actual release.
> >
> > aptitude installs experimental packages automatically.
>
> It is terrifying.
>
> (Seriously, if you've configured it to do that, WHY?!? Do you hate
> your computer so much that you want it to die?)
No, I certainly haven't configured it to do that. Well, I've added
deb http://ftp.fr.debian.org/debian/ experimental main
deb-src http://ftp.fr.debian.org/debian/ experimental main
to /etc/apt/sources.list, but the goal was just to be able to install
experimental packages *manually*, with an explicit request. The fact
that aptitude assumes that the user may want to upgrade unstable
packages to experimental automatically (in order to satisfy
dependencies) is a really bad feature.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: