Re: Question on CVE-2017-5754 on Debian 8.9

To: debian-user@lists.debian.org
Subject: Re: Question on CVE-2017-5754 on Debian 8.9
From: Vincent Lefevre <vincent@vinc17.net>
Date: Thu, 25 Jan 2018 23:10:55 +0100
Message-id: <[🔎] 20180125221055.GC25200@zira.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20180125143127.xlhscnzkk5pamyn2@eeg.ccf.org>
References: <[🔎] CANc=Sd2mVyZ2niHUVmGouDyo=CofLBS6T+TZtbA6eNTXTSg97A@mail.gmail.com> <[🔎] 2e5ckno3hf4jv8@mids.svenhartge.de> <[🔎] CANc=Sd379=Vr+YJ7r87wNCp8Owz+DNjRqTGisWa5B4nZSuK+aw@mail.gmail.com> <[🔎] 3e5cng63hf4jv8@mids.svenhartge.de> <[🔎] 20180124141119.GA13787@cventin.lip.ens-lyon.fr> <[🔎] CANc=Sd3wxGbggVjb0-b7hQB4DELdPGPm-Aa9eka+B_wo6HoSSg@mail.gmail.com> <[🔎] CANc=Sd2ovrXOEs2f_k-NEze4ixNK4sPZPprGXeJoP_utAAeJxg@mail.gmail.com> <[🔎] 20180124161936.lfcymtxkt4k5wz5p@eeg.ccf.org> <[🔎] 20180125142421.GA13518@cventin.lip.ens-lyon.fr> <[🔎] 20180125143127.xlhscnzkk5pamyn2@eeg.ccf.org>

On 2018-01-25 09:31:27 -0500, Greg Wooledge wrote:
> On Thu, Jan 25, 2018 at 03:24:21PM +0100, Vincent Lefevre wrote:
> > On 2018-01-24 11:19:36 -0500, Greg Wooledge wrote:
> > > To use a package from experimental, you must download it directly, and
> > > install it directly.  You don't use apt or its cousins, unless it's
> > > to backfill dependencies (apt-get -f install) from your actual release.
> > 
> > aptitude installs experimental packages automatically.
> 
> It is terrifying.
> 
> (Seriously, if you've configured it to do that, WHY?!?  Do you hate
> your computer so much that you want it to die?)

No, I certainly haven't configured it to do that. Well, I've added

deb http://ftp.fr.debian.org/debian/ experimental main
deb-src http://ftp.fr.debian.org/debian/ experimental main

to /etc/apt/sources.list, but the goal was just to be able to install
experimental packages *manually*, with an explicit request. The fact
that aptitude assumes that the user may want to upgrade unstable
packages to experimental automatically (in order to satisfy
dependencies) is a really bad feature.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

References:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: Re: How to rebuild a Debian package for a foreign architecture?
Next by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Previous by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Next by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Index(es):
- Date
- Thread