Package: src:samba Version: 2:4.2.10+dfsg-0+deb8u1 Severity: serious Dear maintainer: On a system where only smbclient (and dependencies) is installed, upgrading to the packages in security.debian.org today makes the "samba" full server to be installed.
This kind of change should never be ok for the Debian stable distribution, so I'm using an appropriate severity indicating "unsuitable for release". Way to reproduce: * Install Debian 8.4 without security.debian.org * Install smbclient. * Add the sources.list line for security.debian.org * apt-get upgrade. The following will happen: The following packages have been kept back: libldb1 libsmbclient samba-common samba-libs smbclient The following packages will be upgraded: libtalloc2 libtdb1 libtevent0 libwbclient0 python-talloc So far, so good. * apt-get dist-upgrade. The following will happen: The following NEW packages will be installed: libarchive13 libfile-copy-recursive-perl libhdb9-heimdal liblzo2-2 libxml2 perl perl-modules python-crypto python-dnspython python-ldb python-ntdb python-samba python-tdb samba samba-common-bin samba-dsdb-modules tdb-tools update-inetd The following packages will be upgraded: libldb1 libsmbclient samba-common samba-libs smbclient No way. Please note that the samba packages is in the list. This is simply not acceptable. I hope this is fixed soon. Thanks.
