On Wednesday, 9 September 2020 4:03:26 PM AEST Paul Wise wrote: > The above script references /updates instead of -security for the > bullseye release and later. This means that images generated for > bullseye will be missing fixes for security issues. Probably this issue > should also get fixed in Debian buster and stretch too. I filed this > bug at severity important as I'm not sure how often this script is > used, please upgrade this bug report to severity serious if this script > is always used for generating Debian Docker images. > > $ grep -C3 /updates /usr/share/docker.io/contrib/mkimage/debootstrap
Thanks for reporting.
This is an upstream/vendor script that I did not even know exists.
I doubt maintainers of "docker.io" package used it...
I don't know who uses Docker's "debootstrap" script (and how) so it may be
an upstream-only issue. I'm not even sure we should be providing/shipping
this script...
--
Cheers,
Dmitry Smirnov.
---
If liberty means anything at all, it means the right to tell people what
they do not want to hear.
-- George Orwell
signature.asc
Description: This is a digitally signed message part.
