
Bug#913913: Bug#931524: security.debian.org: bullseye security updates may be silently skipped on systems using apt pinning



Hi

[reassigned the package to ftp.debian.org as while it affects security
team, this is on the archive side]

On Sun, Jul 07, 2019 at 09:30:13AM +0200, Piotr Engelking wrote:
> Package: security.debian.org
> Severity: normal
> Tags: security
> 
> With the release of buster, testing security updates switched from
> Suite: testing to Suite: testing-security. This silently breaks
> security updates on systems using apt pinning to elevate the priority
> of testing packages.
> 
> Also, bug #913913 makes this already non-obvious configuration problem
> even harder for users to discover and to correctly fix.
> 
> Please consider reverting this change.

I do not think this will be reverted, but time will show. There was
already an earlier intention to do this to get consistency across the
archive:

https://lists.debian.org/debian-security/2015/12/msg00015.htm

But back then this was not possible to switch. Then the buster release
was the optimal point in time to retry:

https://lists.debian.org/debian-security/2019/06/msg00015.html

This guarantees that actually now the archive is in itself more
consistent and security archive is not anymore a special case for
future releases.

Users will anyway need to update the sources.list when switching to
bullseye, so the need of touching sources.list makes it as well
equally easy to then adjust the respective distribution component of
the URL.

testing-security is only populated very late in the freeze of a
release, in deep freeze when unblock requests are not anymore possible
and still packages should be released for security to have them from
day 0 in the new release. 

Does this clarify your question or concern?

Regards,
Salvatore
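
A check for the pinning problem described in the quoted report, as an added example that is not part of the original message: it reads an apt preferences file and lists suites pinned above the default priority whose "-security" counterpart is matched by no pin. The sample file, the function names, the default priority of 500 and the modelling of apt's suite match as a glob match are assumptions of this example; only `Pin: release` stanzas with an `a=` term are handled.

```python
import fnmatch
import re

# Constructed sample of an apt preferences file (not taken from the bug report).
SAMPLE_PREFERENCES = """\
Package: *
Pin: release a=testing
Pin-Priority: 900

Package: *
Pin: release a=unstable
Pin-Priority: 300
"""

def parse_release_pins(text):
    """Return (suite_pattern, priority) for each 'Pin: release ... a=...' stanza."""
    pins = []
    for stanza in re.split(r"\n\s*\n", text):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.lstrip().startswith("#"):
                key, value = line.split(":", 1)
                fields[key.strip().lower()] = value.strip()
        pin = fields.get("pin", "")
        if not pin.startswith("release") or "pin-priority" not in fields:
            continue
        for term in pin[len("release"):].split(","):
            key, _, value = term.strip().partition("=")
            if key == "a":
                pins.append((value, int(fields["pin-priority"])))
    return pins

def uncovered_security_suites(text, default_priority=500):
    """Suites pinned above the default whose '-security' twin matches no pin."""
    pins = parse_release_pins(text)
    missing = []
    for pattern, priority in pins:
        if priority <= default_priority or pattern.endswith("-security"):
            continue
        twin = pattern + "-security"
        # Assumption: the a= value is compared to the Suite field as a glob.
        if not any(fnmatch.fnmatchcase(twin, p) for p, _ in pins):
            missing.append(twin)
    return missing

if __name__ == "__main__":
    for suite in uncovered_security_suites(SAMPLE_PREFERENCES):
        print(f"no pin matches Suite: {suite}")
```
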

