Bug#531492: apt: man 5 sources.list examples with "stable" are a time bomb
Package: apt
Version: 0.7.20.2+lenny1
Severity: wishlist
Tags: patch
At present, the man page for the sources.list file has the following example:
deb http://http.us.debian.org/debian stable main contrib non-free
One thing that has been quite common in #debian (both freenode and oftc)
since the release of lenny is people coming in with boxes in a wildly
inconsistent state with a lovely mishmash of etch and lenny. They have had
a sources.list with entries pointing to "stable" and then performed what they
thought was a fairly safe "apt-get update && apt-get upgrade".
"Sure, there were a lot of packages updated when I did that, but I figured
they were necessary."
These are obviously people who are not subscribed to debian-announce, do not
have apt-listchanges installed and probably don't really understand debian
release cycles. Sure, it's PEBKAC, but the documentation encouraged them to do
this (sources.list(5) being only one of a great many sources of documentation
that suggest the use of "stable" in the sources.list).
In previous eras when upgrading between releases was literally as easy as
doing a dist-upgrade, having "stable" in the sources.list probably wasn't
so bad. Nowadays, it's a time bomb just waiting to make a mess of a box.
We are similarly seeing people with "stable" and "etch/updates" in their
sources.list which means that they also are often not picking up security
updates correctly. (There were a lot of these turning up just after DSA1571
caused people to pay a little more attention to their boxes than they
normally do.)
A patch to change some of these uses of "stable" to "lenny" is attached.
It was prepared against 0.7.21 from sid. An alternative that uses an entity
to include the current stable codename would possibly be preferable for you.
Happy hunting!
--- sources.list.5.xml-orig 2009-06-01 23:44:49.000000000 +0100
+++ sources.list.5.xml 2009-06-01 23:48:19.000000000 +0100
@@ -61,7 +61,10 @@
archive, <filename>distribution/component</filename>. Typically,
<literal>distribution</literal> is generally one of
<literal>stable</literal> <literal>unstable</literal> or
- <literal>testing</literal> while component is one of <literal>main</literal>
+ <literal>testing</literal> (or a release name such as
+ <literal>lenny</literal> <literal>squeeze</literal> or
+ <literal>sid</literal>)
+ while component is one of <literal>main</literal>
<literal>contrib</literal> <literal>non-free</literal> or
<literal>non-us</literal> The
<literal>deb-src</literal> type describes a debian distribution's source
@@ -110,7 +113,7 @@
<para>Some examples:</para>
<literallayout>
-deb http://http.us.debian.org/debian stable main contrib non-free
+deb http://http.us.debian.org/debian lenny main contrib non-free
deb http://http.us.debian.org/debian dists/stable-updates/
</literallayout>
@@ -193,8 +196,8 @@
<literallayout>deb http://archive.debian.org/debian-archive hamm main</literallayout>
<para>Uses FTP to access the archive at ftp.debian.org, under the debian
- directory, and uses only the stable/contrib area.</para>
- <literallayout>deb ftp://ftp.debian.org/debian stable contrib</literallayout>
+ directory, and uses only the lenny/contrib area.</para>
+ <literallayout>deb ftp://ftp.debian.org/debian lenny contrib</literallayout>
<para>Uses FTP to access the archive at ftp.debian.org, under the debian
directory, and uses only the unstable/contrib area. If this line appears as
Reply to: