Package: xen-tools Version: 2.8-2 Severity: serious Tags: security Justification: Leaves the new domU without security support
Installing a Etch domU always sets deb http://security.debian.org/ stable/updates main contrib non-free in /etc/apt/sources.list. This leaves the domU without security support, which shouldn't happen. If you look into /usr/lib/xen-tools/debian.d/20-setup-apt you can see the bug: cat <<E_O_APT > ${prefix}/etc/apt/sources.list [...] # # ${dist} # deb ${mirror} ${dist} main contrib non-free deb-src ${mirror} ${dist} main contrib non-free # # Security updates # deb http://security.debian.org/ stable/updates main contrib non-free deb-src http://security.debian.org/ stable/updates main contrib non-free # ^^^^^^ THIS SHOULD be ${dist}/updates E_O_APT It would be nice if this could be fixed for etch, because this bug would be slighly annoying if one would like to setup an testing/unstable xen domU intance during the lifetime of etch. -Peter Baumann PS: I am not sure if Severity: serious / Tags: security is the right choice. But I think this bug could have potential security problems. So feel free the change. -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-xen-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages xen-tools depends on: ii debootstrap 0.3.3.1 Bootstrap a basic Debian system ii libtext-template-perl 1.44-1.1 Text::Template perl module ii perl-modules 5.8.8-7 Core Perl modules Versions of packages xen-tools recommends: pn perl-doc <none> (no description available) pn reiserfsprogs <none> (no description available) pn rpmstrap <none> (no description available) ii xen-hypervisor-3.0.3-1-amd64 3.0.3-0-2 The Xen Hypervisor on AMD64 pn xfsprogs <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
