Bug#1041708: apt: Manpages have wrong advice on APT::Default-Release preventing security updates

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1041708: apt: Manpages have wrong advice on APT::Default-Release preventing security updates
From: Daniel Gröber <dxld@darkboxed.org>
Date: Sat, 22 Jul 2023 15:46:42 +0200
Message-id: <[🔎] 169003360265.2076250.7312080953861041556.reportbug@House.clients.dxld.at>
Reply-to: Daniel Gröber <dxld@darkboxed.org>, 1041708@bugs.debian.org

Package: apt
Version: 2.6.1
Severity: important
Tags: security
X-Debbugs-Cc: dxld@darkboxed.org, Debian Security Team <team@security.debian.org>

Dear Maintainer,

apt's manpages contain references to APT::Default-Release which give
wrong advice on how to set it in light of the changes to the
debian-security repo Codename as of bullseye[1]:

Setting APT::Default-Release to a plain codename such as "stable" or
"bookworm" will have the disastrous consequence of preventing security
updates from bein considered when upgrading.

[1]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive


Please update any Default-Release references with the advice from the
bullseye release-notes at [1].

Thanks,
--Daniel

PS: I think this change of debian-security Codename was a collossal
mistake and I'm looking into getting this fixed properly by changing
the codename to $codename/security but the updated advice should be
safe in the face of that change.

Reply to:

Follow-Ups:
- Bug#1041708: marked as done (apt: Manpages have wrong advice on APT::Default-Release preventing security updates)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Pozdravy z Londýna
Next by Date: Bug#1041732: "N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'"
Previous by thread: Pozdravy z Londýna
Next by thread: Bug#1041708: marked as done (apt: Manpages have wrong advice on APT::Default-Release preventing security updates)
Index(es):
- Date
- Thread