On Thu, Nov 22, 2018 at 10:44:42AM +0100, David Escala wrote:
> Perhaps we should change the apt dist-upgrade command for security updates
> (suggestions?), but
> not adding new dependencies in a security update may also be a good policy.

You should use apt pinning to restrict package upgrades to security updates only. See what the unattended-upgrades package does for an example. Removing apt's visibility of stuff that it already has installed on the system is a hack that will lead to the problem you've discovered.

I'm interested for someone to confirm that pinning will solve this problem correctly in this particular case. I believe that it will but am not certain.

I don't know about Debian's policies in adding dependencies to security updates. Clearly it is to be avoided, but there might be some situations when it is necessary for security purposes. Therefore, I'm not sure that this should be considered a bug at all from mariadb packaging's point of view, unless there is some other reason that the dependency addition should not have gone in.