Bug#913913: Bug#931524: security.debian.org: bullseye security updates may be silently skipped on systems using apt pinning
On Mon, Jul 08, 2019 at 08:26:50AM +0200, Piotr Engelking wrote:
> Julian Andres Klode <jak@debian.org>:
>
> > > Now a=testing packages have higher priority than the a=testing-security
> > > ones, which results in security updates not being installed. Another
> > > method of pinning configuration, using APT::Default-Release, has
> > > exactly the same effect.
> >
> > And this is a good thing IMO, as you want to be able to pin release
> > over security.
>
> Why? Anyway, this was already possible, using l=Debian and
> l=Debian-Security.
ugh.
>
> > > * Change the suite from a=testing-security back to a=testing. This is
> > > least work, but I don't know if it has any downsides I am unaware of.
> >
> > That means that testing-security does not work, as testing-security is
> > not testing and apt will complain.
>
> Which diagnostics are you talking about? I wasn't able to find it.
e.g. for Ubuntu, using the devel symlink for eoan, you get:
W: Conflicting distribution: http://de1.archive.ubuntu.com/ubuntu devel InRelease (expected devel but got eoan)
Same thing would apply in this case and it would say:
W: Conflicting distribution: http://security.debian.org/debian-security testing-security InRelease (expected testing-security but got testing)
or it might even say "got bullseye", not entirely sure.
Anyhow, we've got two years to fix this, no need to rush a "fix" out
now.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
Reply to: