Bug#531492: marked as done (apt: man 5 sources.list examples with "stable" are a time bomb)
Your message dated Tue, 25 May 2010 21:32:46 +0000
with message-id <E1OH1jy-0005P8-U0@ries.debian.org>
and subject line Bug#531492: fixed in apt 0.7.26~exp5
has caused the Debian Bug report #531492,
regarding apt: man 5 sources.list examples with "stable" are a time bomb
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
531492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531492
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: man 5 sources.list examples with "stable" are a time bomb
- From: Stuart Prescott <stuart+debian@nanonanonano.net>
- Date: Tue, 02 Jun 2009 00:09:24 +0100
- Message-id: <20090601230924.17553.33406.reportbug@benu.nanonanonano.net>
Package: apt
Version: 0.7.20.2+lenny1
Severity: wishlist
Tags: patch
At present, the man page for the sources.list file has the following example:
deb http://http.us.debian.org/debian stable main contrib non-free
One thing that has been quite common in #debian (both freenode and oftc)
since the release of lenny is people coming in with boxes in a wildly
inconsistent state with a lovely mishmash of etch and lenny. They have had
a sources.list with entries pointing to "stable" and then performed what they
thought was a fairly safe "apt-get update && apt-get upgrade".
"Sure, there were a lot of packages updated when I did that, but I figured
they were necessary."
These are obviously people who are not subscribed to debian-announce, do not
have apt-listchanges installed and probably don't really understand debian
release cycles. Sure, it's PEBKAC, but the documentation encouraged them to do
this (sources.list(5) being only one of a great many sources of documentation
that suggest the use of "stable" in the sources.list).
In previous eras when upgrading between releases was literally as easy as
doing a dist-upgrade, having "stable" in the sources.list probably wasn't
so bad. Nowadays, it's a time bomb just waiting to make a mess of a box.
We are similarly seeing people with "stable" and "etch/updates" in their
sources.list which means that they also are often not picking up security
updates correctly. (There were a lot of these turning up just after DSA1571
caused people to pay a little more attention to their boxes than they
normally do.)
A patch to change some of these uses of "stable" to "lenny" is attached.
It was prepared against 0.7.21 from sid. An alternative that uses an entity
to include the current stable codename would possibly be preferable for you.
Happy hunting!
--- sources.list.5.xml-orig 2009-06-01 23:44:49.000000000 +0100
+++ sources.list.5.xml 2009-06-01 23:48:19.000000000 +0100
@@ -61,7 +61,10 @@
archive, <filename>distribution/component</filename>. Typically,
<literal>distribution</literal> is generally one of
<literal>stable</literal> <literal>unstable</literal> or
- <literal>testing</literal> while component is one of <literal>main</literal>
+ <literal>testing</literal> (or a release name such as
+ <literal>lenny</literal> <literal>squeeze</literal> or
+ <literal>sid</literal>)
+ while component is one of <literal>main</literal>
<literal>contrib</literal> <literal>non-free</literal> or
<literal>non-us</literal> The
<literal>deb-src</literal> type describes a debian distribution's source
@@ -110,7 +113,7 @@
<para>Some examples:</para>
<literallayout>
-deb http://http.us.debian.org/debian stable main contrib non-free
+deb http://http.us.debian.org/debian lenny main contrib non-free
deb http://http.us.debian.org/debian dists/stable-updates/
</literallayout>
@@ -193,8 +196,8 @@
<literallayout>deb http://archive.debian.org/debian-archive hamm main</literallayout>
<para>Uses FTP to access the archive at ftp.debian.org, under the debian
- directory, and uses only the stable/contrib area.</para>
- <literallayout>deb ftp://ftp.debian.org/debian stable contrib</literallayout>
+ directory, and uses only the lenny/contrib area.</para>
+ <literallayout>deb ftp://ftp.debian.org/debian lenny contrib</literallayout>
<para>Uses FTP to access the archive at ftp.debian.org, under the debian
directory, and uses only the unstable/contrib area. If this line appears as
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 0.7.26~exp5
We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:
apt-doc_0.7.26~exp5_all.deb
to main/a/apt/apt-doc_0.7.26~exp5_all.deb
apt-transport-https_0.7.26~exp5_i386.deb
to main/a/apt/apt-transport-https_0.7.26~exp5_i386.deb
apt-utils_0.7.26~exp5_i386.deb
to main/a/apt/apt-utils_0.7.26~exp5_i386.deb
apt_0.7.26~exp5.dsc
to main/a/apt/apt_0.7.26~exp5.dsc
apt_0.7.26~exp5.tar.gz
to main/a/apt/apt_0.7.26~exp5.tar.gz
apt_0.7.26~exp5_i386.deb
to main/a/apt/apt_0.7.26~exp5_i386.deb
libapt-pkg-dev_0.7.26~exp5_i386.deb
to main/a/apt/libapt-pkg-dev_0.7.26~exp5_i386.deb
libapt-pkg-doc_0.7.26~exp5_all.deb
to main/a/apt/libapt-pkg-doc_0.7.26~exp5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 531492@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 25 May 2010 16:01:42 +0200
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all i386
Version: 0.7.26~exp5
Distribution: experimental
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
apt - Advanced front-end for dpkg
apt-doc - Documentation for APT
apt-transport-https - APT https transport
apt-utils - APT utility programs
libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
libapt-pkg-doc - Documentation for APT development
Closes: 490347 531492 566166 571541 576752 577804 578135 581159 581742
Changes:
apt (0.7.26~exp5) experimental; urgency=low
.
[ David Kalnischkies ]
* cmdline/apt-get.cc:
- rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
- don't suggest held packages as they are installed (Closes: #578135)
- handle multiple --{tar,diff,dsc}-only options correctly
- show at the end of the install process a list of disappeared packages
* cmdline/apt-cache.cc:
- use GroupCount for package names in stats and add a package struct line
* methods/rred.cc:
- use the patchfile modification time instead of the one from the
"old" file - thanks to Philipp Weis for noticing! (Closes: #571541)
* debian/rules:
- remove targets referring to CVS or arch as they are useless
- use $(CURDIR) instead of $(pwd)
- use dpkg-buildflags if available for CXXFLAGS
* README.arch:
- remove the file completely as it has no use nowadays
* apt-pkg/depcache.cc:
- be doublesure that the killer query is empty before starting reinstall
* methods/gpgv.cc:
- remove the keyrings count limit by using vector magic
* contrib/mmap.cc:
- clarify "MMap reached size limit" error message, thanks Ivan Masár!
* doc/apt.ent
- add entities for the current oldstable/stable/testing codenames
* doc/sources.list.5.xml:
- use stable-codename instead of stable in the examples (Closes: #531492)
* doc/apt_preferences.5.xml:
- adapt some examples here to use current codenames as well
- add "NotAutomatic: yes" handling, thanks Osamu Aoki (Closes: #490347)
* debian/libapt-pkg-doc.doc-base.cache:
- remove yet another reference to the removed cache.sgml
* doc/apt-get.8.xml:
- do not say explicit target_release_{name,version,codename}, it should
be clear by itself and 'man' can break lines again (Closes: #566166)
- remove the gnome-apt reference as it is removed from unstable
* apt-pkg/deb/dpkgpm.cc:
- add 'disappear' to the known processing states, thanks Jonathan Nieder
* apt-pkg/packagemanager.h:
- export info about disappeared packages with GetDisappearedPackages()
.
[ Michael Vogt ]
* methods/http.{cc,h}:
- code cleanup, use enums instead of magic ints
.
[ Jari Aalto ]
* debian/rules:
- spell out some less known options to reduce manpage consultation-rate
- Use POSIX command substitution: $(<command sequence>)
- Remove EOL whitespace (Closes: #577804)
.
[ Julian Andres Klode ]
* apt-pkg/acquire-item.cc:
- Fix pkgAcqFile::Custom600Headers() to always return something.
.
.
[ Christian Perrier ]
* Slovak translation update. Closes: #581159
* Italian translation update. Closes: #581742
Checksums-Sha1:
c32878774931d0e255e97f3d27f9749a2c198b03 1258 apt_0.7.26~exp5.dsc
d31d239b2dafc0ffc09d95089d49a10256c3be54 2820873 apt_0.7.26~exp5.tar.gz
1f02e3ac4bb4752e217e234ff745b71aa4b78446 224630 apt-doc_0.7.26~exp5_all.deb
aec022c57ce22b99ff8810b26ec62e9917902682 613508 libapt-pkg-doc_0.7.26~exp5_all.deb
fbf91dcb9c0db65dbb5b022898ecbba74345a598 1916602 apt_0.7.26~exp5_i386.deb
fed35f70cd4ffcc0bb76cb7f1e4c7479c460d011 135632 libapt-pkg-dev_0.7.26~exp5_i386.deb
4b3ba968c1cfdbbff8b92a6e0e3a06c13a8e5a90 261118 apt-utils_0.7.26~exp5_i386.deb
7b6659396afa3f10fe16ebfe1417b570542cd968 74618 apt-transport-https_0.7.26~exp5_i386.deb
Checksums-Sha256:
0e952403749b2af13ecd31a51bb77be8a333d0688790c2596f143d55e0f03336 1258 apt_0.7.26~exp5.dsc
47ef51fdb80c92a247a3a927c5aa84b97b7441b9370df15c3f1628dc1feb0a07 2820873 apt_0.7.26~exp5.tar.gz
bc876ff4add113ef4feb5fd55dfc7a9a15b99417033db6e4db0e1a975b711ecf 224630 apt-doc_0.7.26~exp5_all.deb
de0d0477ade44e1780d68fbcf0bddc8a61c6b3a122084b0a4bc7157d09308a9d 613508 libapt-pkg-doc_0.7.26~exp5_all.deb
0a1a1a426b534e7395055e54e1dc97d14a86e5765c79fccee0c8e0024328a85b 1916602 apt_0.7.26~exp5_i386.deb
c47ff5ed312cecc05457b9c45e8d22e50ed01b7214e930b38b455079f06f371a 135632 libapt-pkg-dev_0.7.26~exp5_i386.deb
3b23658439bfe56529e7cb91b637c2f5a874adbfe902aa79925d87299778aaf9 261118 apt-utils_0.7.26~exp5_i386.deb
5a6b232b70e008f48c0c40ddee514063d1ceaed5e7ae9da1604b8b62c1c97f9c 74618 apt-transport-https_0.7.26~exp5_i386.deb
Files:
fc4eb36e4bbea891b58141d8c458b1f2 1258 admin important apt_0.7.26~exp5.dsc
09455387f47158eaa725085c52e8f903 2820873 admin important apt_0.7.26~exp5.tar.gz
be11f1f598e8fd6a70bccc458e260a17 224630 doc optional apt-doc_0.7.26~exp5_all.deb
294f0339411922eb46171ea5cde1b605 613508 doc optional libapt-pkg-doc_0.7.26~exp5_all.deb
7a7e6bccd8d2a473b05efeda9f9afefb 1916602 admin important apt_0.7.26~exp5_i386.deb
119bf5d2cb8f123bf0e0e7c1abdcf3a6 135632 libdevel optional libapt-pkg-dev_0.7.26~exp5_i386.deb
f2eb4f37419c4f9d59021aaf1863bf79 261118 admin important apt-utils_0.7.26~exp5_i386.deb
cf3d0858227c60356498255d4501e254 74618 admin optional apt-transport-https_0.7.26~exp5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkv8LpMACgkQliSD4VZixzQg2ACgmO0mZu+SiqMru3s7e/NNJio1
ADUAnA8y1sIH3dXW2KbyfD0q8S9tFN+/
=3nTJ
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: