Package: aptitude
Version: 0.6.10-1
Severity: normal
Dear Maintainer,
I'm on testing. I have chromium installed. I use the browser. I do
not use the inspector. None the less, chromium declares that it depends
on chromium-inspector, which is thus installed. Recently (around the
time of heartbleed) there has come a security upgrade for
chromium-inspector. This upgrade conflicts (in some way, I couldn't see
how) with the existing version of chromium. Aptitude reported a
conflict and offered to resolve it by uninstalling chromium (which I
want) or keeping chromium-inspector (which I don't consciously use; and
wouldn't have any use for at all without chromium) at its old version
(which, apparently, means retaining a known security bug on my system).
If chromium actually does use inspector, without my being aware of it,
this is a security problem, that I can't fix other than by uninstalling
chromium (at which point I may as well uninstall its inspector).
[Aside (for the chromium maintainer): I do not think it makes sense for
chromium (the browser) to depend on (i.e. force installation of)
chromium-inspector if, in fact, it is possible to browse without this
tool for web developers. It would make sense for chromium-inspector to
depend on chromium, and for chromium to Suggest or Recommend its
inspector, but the present Depends seems misguided (regardless of the
situation, above, that has brought it to my attention).]
dpkg -l 'chromium*' says (once I set COLUMNS to 120 to see full version
information): <quote>
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii chromium 33.0.1750.152-1 amd64 Chromium web
browser
un chromium-codecs-ffmpeg <none> <none> (no
description available)
un chromium-codecs-ffmpeg-e <none> <none> (no
description available)
ii chromium-inspector 33.0.1750.152-1 all page inspector
for the Chromium browser
un chromium-l10n <none> <none> (no
description available)
un chromium-testsuite <none> <none> (no
description available)
</quote>
In aptitude, I did see a version 34.0.1847.116-1~deb7u1 listed for
chromium; but attempting to mark the installed version for deletion and
this new version for installation does not work: it merely marks the
33.0... version to be kept installed, with the attendant conflict with
its own inspector.
I kept inspector at its old version and assumed a compatible version of
chromium would show up sooner or later. After about a week, I tried
again; nothing had changed. Same conflict, same offered resolutions.
Eventually, I uninstalled both packages, then installed chromium afresh.
The above dpkg command now reports <quote>
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii chromium 33.0.1750.152-1 amd64 Chromium web
browser
un chromium-codecs-ffmpeg <none> <none> (no
description available)
un chromium-codecs-ffmpeg-e <none> <none> (no
description available)
ii chromium-inspector 33.0.1750.152-1 all page inspector
for the Chromium browser
un chromium-l10n <none> <none> (no
description available)
un chromium-testsuite <none> <none> (no
description available)
</quote> unchanged ! I am unable to make sense of what aptitude was
complaining about or why purging and reinstalling has (apparently) fixed
the alleged problem.
I was wary of uninstall and reinstall, since this would purge the old
version of inspector, leaving me without the option of keeping it at its
old version; so, if the conflict had still been present, it would have
been unresolvable (other than by leaving chromium uninstalled). That
this turned out not to be the case is incidental: in order to make the
decision to attempt this course of action, I had to accept the
possibility that I would be left without chromium. The package manager
should not force me into such a choice when there is, in fact, no
problem at all !
-- Package-specific info:
Terminal: screen.rxvt
$DISPLAY is set.
which aptitude: /usr/bin/aptitude
aptitude version information:
aptitude 0.6.10 compiled at Feb 20 2014 17:26:22
Compiler: g++ 4.8.2
Compiled against:
apt version 4.12.0
NCurses version 5.9
libsigc++ version: 2.2.11
Ept support enabled.
Gtk+ support disabled.
Qt support disabled.
Current library versions:
NCurses version: ncurses 5.9.20140118
cwidget version: 0.5.17
Apt version: 4.12.0
aptitude linkage:
linux-vdso.so.1 (0x00007fff874f6000)
libapt-pkg.so.4.12 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
(0x00007f983158a000)
libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5
(0x00007f9831355000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5
(0x00007f983112a000)
libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0
(0x00007f9830f25000)
libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3
(0x00007f9830c1e000)
libept.so.1.aptpkg4.12 =>
/usr/lib/x86_64-linux-gnu/libept.so.1.aptpkg4.12 (0x00007f98309c1000)
libxapian.so.22 => /usr/lib/libxapian.so.22 (0x00007f98305c3000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f98303ab000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
(0x00007f98300ee000)
libboost_iostreams.so.1.54.0 =>
/usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.54.0 (0x00007f982fed4000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f982fcb7000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6
(0x00007f982f9b2000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f982f6af000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
(0x00007f982f499000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f982f0ef000)
libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007f982eeec000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f982ece8000)
libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0
(0x00007f982ead7000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f982e8b4000)
libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f982e6ae000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f982e4a6000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9831f0c000)
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages aptitude depends on:
ii aptitude-common 0.6.10-1
ii libapt-pkg4.12 1.0.1
ii libboost-iostreams1.54.0 1.54.0-5
ii libc6 2.18-4
ii libcwidget3 0.5.17-1
ii libept1.4.12 1.0.12
ii libgcc1 1:4.8.2-16
ii libncursesw5 5.9+20140118-1
ii libsigc++-2.0-0c2a 2.2.11-3
ii libsqlite3-0 3.8.4.3-1
ii libstdc++6 4.8.2-16
ii libtinfo5 5.9+20140118-1
ii libxapian22 1.2.17-1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages aptitude recommends:
ii apt-xapian-index 0.46
ii aptitude-doc-en [aptitude-doc] 0.6.10-1
ii libparse-debianchangelog-perl 1.2.0-1
ii sensible-utils 0.0.9
Versions of packages aptitude suggests:
pn debtags <none>
ii tasksel 3.20
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
