On 2018-09-12 23:34 +0100, Ben Hutchings wrote:
> Package: pkgsel
> Version: 0.45
> Tags: security
> Severity: important
>
> Security updates (and point releases) may include ABI bumps and new
> binary packages for some source packages that don't have a stable ABI.
> In particular, linux has done this several times this year; KiBi
> suggested that bind9 might sometimes do this.
>
> Normally the installer will install a metapackage such as linux-image-
> amd64, and a subsequent "apt upgrade" or "apt-get dist-upgrade" will
> update this package and pull in the new kernel package. Similarly
> upgrades to bind9 will pull in the new library packages.
>
> However, pkgsel by default runs "apt-get upgrade" which does *not* pull
> in new packages as dependencies. There is a debconf question
> (pkgsel/upgrade) for what type of upgrade to do, but it's low priority,
> and this is surely the wrong default behaviour.
>
> I think that either the default for this question should be changed to
> "full-upgrade", or the implementation of "safe-upgrade" should be
> changed to "apt upgrade". This installs new packages as dependencies
> but doesn't remove anything.
Considering that the behavior of apt(8) is subject to change, this might
not be the best idea.
> I don't know if it's possible to get the same behaviour through
> options to "apt-get".
It is, via the the "--with-new-pkgs" option. The apt-get manpage is a
bit unclear about that, see #908767.
Cheers,
Sven
