Bug#929248: apt: E: Repository # changed its 'Suite' value from 'buster' to 'testing'; but how to accept?

To: Thorsten Glaser <tg@mirbsd.de>, 929248@bugs.debian.org
Subject: Bug#929248: apt: E: Repository # changed its 'Suite' value from 'buster' to 'testing'; but how to accept?
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 10 Jun 2019 15:15:54 +0200
Message-id: <[🔎] 20190610131554.ixgcghrzo6qzgjvj@crossbow>
Reply-to: David Kalnischkies <david@kalnischkies.de>, 929248@bugs.debian.org
In-reply-to: <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de>
References: <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de> <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de>

Hi,

On Sun, May 19, 2019 at 11:37:57PM +0200, Thorsten Glaser wrote:
> Sure, but the apt-secure(8) manpage is 8 screen pages, and while
> I eventually (took me some time) found the right section, it does
> not document *how* one would accept this change:

Well, apt-secure manpage is supposed to be generic information for all
APT-based clients. I really don't look forward to describing which
buttons must be clicked to perform this magic in e.g. synaptics and the
gazillion other clients apt and apt-get are just the most prominent of.

> … for the record, I *believe* that adding --allow-releaseinfo-change
> to apt-get update is right, but this appears only in the apt-get(8)
> manpage, not in apt(8) which some people believe is the new tool, and
> especially not in apt-secure(8) where the user is directed to.

1. apt(8) is documented to not document every nook and cranny.
2. "apt" asks an interactive question in this situation,
   for "apt-get" this is disabled by default, because, I am told,
   people hate changes.
3. the user is directed to "apt-secure" for details on the why,
   how to use the client in question is a matter of client manpages
4. The client manpage apt-get(8) indeed mentions the option framed by
   the other security related options.

> As such, this is a rather severe documentation bug that I believe
> ought to be fixed before buster.

While I might agree the behaviour of apt-get could be more revealing,
I don't think this would belong in apt-secure. I guess we could add
another N: for apt-get, but I haven't looked at where to add that it is
generated only for apt-get not for other clients where that hint would
make no sense as a graphical software center likely doesn't accept that
flag…

Or we could babble about the underlying config options like in the
insecure repository case as it would effect all clients then, but that
feels a bit dirty and wrong.

On a sidenote: The Release file can include a "Release-Notes" field
which is then displayed as "More information about this can be found
online in the Release notes at: %s" so that a repository owner can
provide an explanation for this change.

In summary, I don't believe in this being a severe problem. Legit
changes of these fields should be really really rare given we teach
users to use Codename in configuration rather than Suite.

Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#929248: apt: E: Repository # changed its 'Suite' value from 'buster' to 'testing'; but how to accept?
  - From: Thorsten Glaser <tg@mirbsd.de>

Prev by Date: Re: SQLite backend?
Next by Date: Bug#929248: apt: E: Repository # changed its 'Suite' value from 'buster' to 'testing'; but how to accept?
Previous by thread: Re: SQLite backend?
Next by thread: Bug#929248: apt: E: Repository # changed its 'Suite' value from 'buster' to 'testing'; but how to accept?
Index(es):
- Date
- Thread