Bug#1030330: apt: update only warns if section doesn't exist
Package: apt
Version: 2.5.5
Severity: normal
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Hey.
It seems that apt only gives a warning (and exit status 0) in case a section
has been specified in sources.list, which doesn't exist.
E.g. aptitde doesn't seem to even show that warning.
Isn't that kind of a "security issue"? Imagine someone simply mistypes his
deb http://security.debian.org/debian-security/ stable-security mian
line and thus wouldn't see any updates.
If updating the package lists (and perhps even upgrading) is handled
automatically, this may be easily unnoticed.
Cheers,
Chris.
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (no /etc/apt/preferences.d/* present) --
-- (/etc/apt/sources.list present, but not submitted) --
-- (/etc/apt/sources.list.d/10_local_unstable.sources present, but not submitted) --
-- (/etc/apt/sources.list.d/50_debian_unstable.sources present, but not submitted) --
-- (no /etc/apt/sources.list.d/disabled present) --
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-3-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.130
ii base-passwd 3.6.1
ii debian-archive-keyring 2021.1.1
ii gpgv 2.2.40-1
ii libapt-pkg6.0 2.5.5
ii libc6 2.36-8
ii libgcc-s1 12.2.0-14
ii libgnutls30 3.7.8-4
ii libseccomp2 2.5.4-1+b3
ii libstdc++6 12.2.0-14
ii libsystemd0 252.5-2
Versions of packages apt recommends:
ii ca-certificates 20211016
Versions of packages apt suggests:
ii apt-doc 2.5.5
ii aptitude 0.8.13-5
ii dpkg-dev 1.21.19
ii gnupg 2.2.40-1
ii powermgmt-base 1.37
-- Configuration Files:
/etc/logrotate.d/apt changed [not included]
-- no debconf information
Reply to: