Your message dated Sat, 22 Jul 2023 22:34:40 +0200 with message-id <20230722203440.mdhuy2vepxalrush@crossbow> and subject line Re: Bug#1041708: apt: Manpages have wrong advice on APT::Default-Release preventing security updates has caused the Debian Bug report #1041708, regarding apt: Manpages have wrong advice on APT::Default-Release preventing security updates to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1041708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041708 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: Manpages have wrong advice on APT::Default-Release preventing security updates
- From: Daniel Gröber <dxld@darkboxed.org>
- Date: Sat, 22 Jul 2023 15:46:42 +0200
- Message-id: <[🔎] 169003360265.2076250.7312080953861041556.reportbug@House.clients.dxld.at>
Package: apt Version: 2.6.1 Severity: important Tags: security X-Debbugs-Cc: dxld@darkboxed.org, Debian Security Team <team@security.debian.org> Dear Maintainer, apt's manpages contain references to APT::Default-Release which give wrong advice on how to set it in light of the changes to the debian-security repo Codename as of bullseye[1]: Setting APT::Default-Release to a plain codename such as "stable" or "bookworm" will have the disastrous consequence of preventing security updates from bein considered when upgrading. [1]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive Please update any Default-Release references with the advice from the bullseye release-notes at [1]. Thanks, --Daniel PS: I think this change of debian-security Codename was a collossal mistake and I'm looking into getting this fixed properly by changing the codename to $codename/security but the updated advice should be safe in the face of that change.
--- End Message ---
--- Begin Message ---
- To: 1041708-done@bugs.debian.org
- Cc: Daniel Gröber <dxld@darkboxed.org>, Debian Security Team <team@security.debian.org>
- Subject: Re: Bug#1041708: apt: Manpages have wrong advice on APT::Default-Release preventing security updates
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sat, 22 Jul 2023 22:34:40 +0200
- Message-id: <20230722203440.mdhuy2vepxalrush@crossbow>
- In-reply-to: <[🔎] 169003360265.2076250.7312080953861041556.reportbug@House.clients.dxld.at>
- References: <[🔎] 169003360265.2076250.7312080953861041556.reportbug@House.clients.dxld.at>
Hi, On Sat, Jul 22, 2023 at 03:46:42PM +0200, Daniel Gröber wrote: > apt's manpages contain references to APT::Default-Release which give > wrong advice on how to set it in light of the changes to the > debian-security repo Codename as of bullseye[1]: Could you please say where exactly apt says that this option should be used and that it would magically match other codenames apart from the codename explicitly requested? Also, isn't it a bit late to talk about changes made in bullseye given that this would break bookworm users which by now should exceed bullseye users… ? > Setting APT::Default-Release to a plain codename such as "stable" or > "bookworm" will have the disastrous consequence of preventing security > updates from bein considered when upgrading. Yes, and? (eventually an update/security fix will be part of stable via a point release, so such a setting considerably delays the updates, but doesn't prevent them as such. While I wouldn't recommended it, there might be people who desire exactly this behaviour…) src:apt tries to avoid documenting individual distributions too much (which includes even Debian) and has massive amounts of options with which you are easily able to shoot yourself in the foot. APT is rather low level after all and as such has a strong tendency to assume that the user is right, which helps if the user indeed knows what (s)he is doing. Less helpful if users blindly copy random advice from the web. As you may have noticed, the 'stable' doesn't include 'stable-updates' either and that isn't new – and also part of the reason for this funny regex. I was surprised then I discovered that entry the first time in the release notes as we were never asked about it. Anyway, easiest way to not have these problems is to not use the option at all. So, as the option works as defined and intended, there is very little we could reasonably do – and so, I fail to see an actionable bug in what seems more like a support question, hence I am closing. Best regards David KalnischkiesAttachment: signature.asc
Description: PGP signature
--- End Message ---