Bug#1051979: marked as done (Do not suggest APT::Default-Release setting)

Sun, 29 Oct 2023 22:21:14 -0700 

Your message dated Mon, 30 Oct 2023 05:19:01 +0000
with message-id <e1qxkg1-007f0s...@fasolo.debian.org>
and subject line Bug#1051979: fixed in debian-reference 2.104
has caused the Debian Bug report #1051979,
regarding Do not suggest APT::Default-Release setting
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051979
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-reference
Version: 2.100

The "2.7.7. Tweaking candidate version with apt-pinning" section
in "Chapter 2. Debian package management" recommends


The target release archive can be set by several methods.

- "/etc/apt/apt.conf" configuration file with "APT::Default-Release "stable";" 
line
- command line option, e.g., "apt-get install -t testing some-package"


https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tweaking_candidate_version
Unfortunately "APT::Default-Release "stable";" prevents installing of updates from stable-security and stable-updates repositories. So this option should be either just dropped or a warning should be added to alert users who remembers it from previous release.
Accordingly to the Debian 11 bullseye release notes acceptable value for default release may be 


APT::Default-Release "/^bullseye(|-security|-updates)$/";


https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
"5.1.3. Changed security archive layout"
in "Chapter 5. Issues to be aware of for bullseye"
However there are opinions that this option should be considered as deprecated: 

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041708#38
apt man pages

https://lists.debian.org/debian-security/2022/01/msg00022.html
Re: Bullseye security.debian.org codename misconfigured?
Sat, 22 Jan 2022 21:07:09 +0100

There is a similar bug against debian-handbook
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041706
filed during the following discussion
https://lists.debian.org/debian-security/2023/07/msg00011.html
"Setting APT::Default-Release prevents installation of security updates in bookworm!?"
In my case it was bookworm with the backports repository added to test a wifi issue and trixie to get firefox-esr 115 earlier than it will appear in stable. By setting APT::Default-Release I was going to prevent upgrade kernel from backports to testing when I noticed missed security updates. I decided to use apt pinning instead. 

I have seen doubts concerning support of APT::Default-Release in
synaptic and regexps in "apt source PKG", but I have not noticed any
problem. So I am unsure if it can be an *additional* argument against
APT::Default-Release.
I admit that some users may need purely stable release without security updates (e.g. to test upgrades from particular versions), but I believe this case is too specific to be covered in the manual.
Either removing mention of the setting or adding a warning against APT::Default-Release should prevent users from making their configuration insecure.
--- End Message ---
--- Begin Message --- 
Source: debian-reference
Source-Version: 2.104
Done: Osamu Aoki <os...@debian.org>

We believe that the bug you reported is fixed in the latest version of
debian-reference, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Osamu Aoki <os...@debian.org> (supplier of updated debian-reference package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Oct 2023 13:44:48 +0900
Source: debian-reference
Architecture: source
Version: 2.104
Distribution: unstable
Urgency: medium
Maintainer: Osamu Aoki <os...@debian.org>
Changed-By: Osamu Aoki <os...@debian.org>
Closes: 1051979
Changes:
 debian-reference (2.104) unstable; urgency=medium
 .
   [ Osamu Aoki ]
   * APT: target release. Closes: Bug#1051979
   * Update 07_gui_system.rawxml
   * Alternative command
   * Fix typo s/chechout/checkout/
   * un-fuzzy all (trivial)
   * make po --> un-fuzzy
   * make po (ja translated)
 .
   [ Danial Behzadi ]
   * Add `list manually installed packages` for `apt`.
 .
   [ xiao sheng wen(肖盛文) ]
   * Update README.md: modify merge po files parts, add weblate po files git
     merge reminder, and add weblate utility wlc info, detail Merge po files
     from weblate to the source
   * add and update bin/weblate-po-merge and .weblate conf file
   * Translated using Weblate (Chinese (Simplified))
   * Translated using Weblate (French)
   * make po
 .
   [ gallegonovato ]
   * Translated using Weblate (Spanish)
 .
   [ eulalio ]
   * Translated using Weblate (Spanish)
 .
   [ Guillonneau Jean-Paul ]
   * Translated using Weblate (French)
 .
   [ tachyglossues ]
   * Translated using Weblate (French)
 .
   [ Andika Triwidada ]
   * Translated using Weblate (Indonesian)
Checksums-Sha1:
 b32c35d3ae4004d323f0944206b67d6b7bceb4d7 3067 debian-reference_2.104.dsc
 ed73bf09c40eef7d9e15e70d1e9ca14ed309df3b 2387960 debian-reference_2.104.tar.xz
Checksums-Sha256:
 89e5e1543405440578f812e3108816e5b23b7c8d133666493d2f6a841b5a2508 3067 
debian-reference_2.104.dsc
 65cd34757b173ff843ec1e4e41c5d9f66da92625acdbae8235f354c8078f2f8f 2387960 
debian-reference_2.104.tar.xz
Files:
 4096f45de9399d862e1710b4a89147fc 3067 doc optional debian-reference_2.104.dsc
 bd89c402cb244b9c82cde3bda359ac06 2387960 doc optional 
debian-reference_2.104.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEMTNyTWIHiBV56V1iHhNWiB3Y15EFAmU/NzcRHG9zYW11QGRl
Ymlhbi5vcmcACgkQHhNWiB3Y15FW2Q//TOMy+cML7kHfqK6hnMpeDPvkTf7tg8iw
vIVFHAgFGnX6LNKUdrs2YEvknFel9V/I83vrp/YUkqrjHrYohqi1mrFfpX5YUOYG
HYKE8gpYiPzjgBSRooDLvNee5yxWNUSafHrhqTNQGD5Qnl9X6pt+PdWlRe0jXfHJ
mrlQ9PBMYgkyJN8KAhBpk3LK/HodWW9MT6we0V5TDctX5ZLI6N3rF4RIy9Bp7erD
SQLe4jR3Ntk2Yl7RD6vEfn+IjtlCCsPSvAx7ksvYs9NT5zJHWptlIlcoP1+xxBIX
zXZcEmjslu6uCHT6AFry/go6WT5QRzQ9EQ9NcXaFqDRBjDt0nPwF8FNtvVjtIVOd
S7PCwRKWYNs7mO09taEDCTnJV1NAtSEqZA5L6/B2+WmkPMuzR5k93+/oygWnP7VB
jQbPI7E0yJluciQyn5Gdz/HBRR2DOnFItB80wyv1+SayvC6YlZqQgbT1dWkfl1Sz
c4V/hj1Kx0WCF0kuwiT7q3UJF85zbl6RKKCfTAOyYzlOQdPP6yU7DHLQW8gvhr25
jW9voUmaLMeOI1PDMcF3mZr9bNh1oiGd9XKxornpk1WVOtX0Gs2b796Udsnz4LJ1
2nJGOGYB1ng7+vKrshmb8T5bLC5Mr+bmeHr170FAKh5zJAiBndGVML6ybTbX+bG4
6fi2xer8jDY=
=6mWR
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to