Control: severity -1 wishlist Hi, On Sun, Oct 27, 2019 at 02:51:02PM -0700, Chris wrote: > update or check the version of doesn't depend on adoptopenjdk. Shouldn't > apt still be able to process the package lists from unaffected sources, and > install and upgrade packages that don't come from or depend on the affected > sources? Perhaps, but that is hard to do without making it worse for others: You can e.g. parse everything first temporarily and only after that parse it again for real – practically doubles execution time – or you keep a snapshot of the previously parsed data so you can roll back in a pinch – practically doubles memory consumption. Both aren't a particular good idea as we always want to be faster & not waste memory so constraint [virtual or real] machines continue to work. So that seems "very difficult to fix due to major design considerations" (if you read on you might notice why I use that quote). What we could do is automating what is currently basically required from the user to do manually: Remove this crappy source. Would be nice, but as a new feature the appropriate severity is wishlist – and I wouldn't hold my breath for it as having such bad sources and wanting to keep them isn't a very common usecase… honestly, if the source doesn't manage to produce valid files I would have serious doubts about how good the rest of what they do is given I basically grant them root access to my machine by using it. So, that both being my reasoning for downgrading to wishlist. For your next bugreport it might be a good idea to not start out with a high severity as that will raise flags for many people to look at it, which end up being annoyed because the severity was overinflated. See https://debian.org/Bugs/Developer#severities for details on what the severities mean – which will a) explain the quoting from above and b) why "serious" is nearly always wrong. Thanks none the less for taking the time to report a bug and Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature