[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1103441: marked as done (apt: Add option to silence "Notice: Some sources can be modernized.")

Your message dated Fri, 9 May 2025 18:21:02 +0200
with message-id <20250509181559.GA1096582@debian.org>
and subject line Re: Bug#1103441: apt: Add option to silence "Notice: Some sources can be modernized."
has caused the Debian Bug report #1103441,
regarding apt: Add option to silence "Notice: Some sources can be modernized."
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1103441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103441
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 3.0.0
Severity: wishlist
X-Debbugs-Cc: cardboardaardvark@gmail.com

Dear Maintainer,

It would be beneficial to allow admins to silence the notice from apt about
source configuration files that are using the outdated format. I think that
outputting the notice is good behavior by default but in some situations the
notice becomes noise because it is not possible to change the source
configurations with out breaking something.

I have third party packages installed which themselves install and maintain
files in /etc/apt/sources.list.d/ most notably the VS Code application. The
Microsoft install process for VS Code is as follows:

1) Download the .deb from Microsoft
2) Install the .deb using dpkg
3) The postinst script will create vscode.list in /etc/apt/sources.list.d/
4) The contents of vscode.list warn about local changes to the file being lost

Now I'm pretty sure that overwriting the contents of files in /etc from
postinst is a violation of Debian packaging standards so strictly defined there
is a problem with the Microsoft created Debian package. As the administrator of
my system the out of date sources notice has already informed me of the
situation and I am aware of it. I do not want to adjust the contents of the
vscode.list file to avoid breaking that may happen with future updates that
come from Microsoft (which also come frequently). This means the out of date
sources config file notice has become noise.

It would be nice if I could set a configuration value in apt to not output the
notice to me so I can reduce the noise. I don't see such an option being
available in the output of "apt-config dump"


-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (no /etc/apt/preferences.d/* present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- (/etc/apt/sources.list.d/brave-browser-release.list present, but not submitted) --


-- (/etc/apt/sources.list.d/element-io.list present, but not submitted) --


-- (/etc/apt/sources.list.d/ksp-ckan.list present, but not submitted) --


-- (/etc/apt/sources.list.d/vscode.list present, but not submitted) --


-- (/etc/apt/sources.list.d/winehq-trixie.sources present, but not submitted) --


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.21-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                 3.150
ii  base-passwd             3.6.7
ii  debian-archive-keyring  2025.1
ii  libapt-pkg7.0           3.0.0
ii  libc6                   2.41-6
ii  libgcc-s1               14.2.0-19
ii  libseccomp2             2.6.0-2
ii  libssl3t64              3.5.0-1
ii  libstdc++6              14.2.0-19
ii  libsystemd0             257.5-2
ii  sqv                     1.3.0-1

Versions of packages apt recommends:
ii  ca-certificates  20241223

Versions of packages apt suggests:
pn  apt-doc                      <none>
pn  aptitude | synaptic | wajig  <none>
ii  dpkg-dev                     1.22.18
ii  gnupg                        2.2.46-6
ii  powermgmt-base               1.38

-- no debconf information

--- End Message ---
--- Begin Message --- 
On Thu, Apr 17, 2025 at 11:27:44AM -0600, Tyler Riddle wrote:
> Package: apt
> Version: 3.0.0
> Severity: wishlist
> X-Debbugs-Cc: cardboardaardvark@gmail.com
> 
> Dear Maintainer,
> 
> It would be beneficial to allow admins to silence the notice from apt about
> source configuration files that are using the outdated format. I think that
> outputting the notice is good behavior by default but in some situations the
> notice becomes noise because it is not possible to change the source
> configurations with out breaking something.

This is a fundamental misunderstanding of the notice.

The warnings are already inside a 

APT::Get::Update::SourceListWarnings::SignedBy

block.

I strongly advice against it. These are security relevant
notices, you don't just get them for fun.

Well the notice to modernize the sources is just for fun,
but this is a compromise taken:

For .sources, we print a notice for each individual source
that is missing a Signed-By entry.

For .list files, instead of printing a notice for each entry
we merged them all together and only give you that single
summary.

And it only tells you about modernizing your sources rather
than adding signed-by to legacy .list files because that's
the better cause of action.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

--- End Message ---
Reply to: