On 01.12.22 10:03, Paul Wise wrote:
On Fri, 2022-11-25 at 12:46 +0100, Bastian Venthur wrote:
On 21.11.22 00:18, Paul Wise wrote:
anacron might be disabled if 2.3-33 was ever installed
[...]
I'm having trouble assessing the severity of the situation. Is more or
less everyone affected who uses unstable? If yes, how do we mitigate?
Every system with task-laptop, parl-desktop, ipmiutil or octavia-agent
will have anacron. There are also recommends from task-desktop,
cinnamon-core, email-reminder. The other reverse deps are alternatives.
The problematic anacron version was in unstable from 2022-07-13 to
2022-09-04 and in testing from 2022-07-20 to 2022-09-05, as that is
~1.5 months, probably most unstable/testing anacron installs are
affected, since they probably did an upgrade during that time.
https://tracker.debian.org/pkg/anacron
Thanks for the analysis!
Don't think the majority of users reads the announcement mails.
The maintainer has stated that they don't intend any further actions,
so I thought it important that the issue be announced more widely.
Good call, thank you!
So this was also announced via debian-user and micronews, but I suspect
you are right that not all unstable/testing users will hear about it.
I agree. I'd go even further and assume not even the majority of users
follows these channels so most of them are likely to be affected.
I wonder if there's an easy fix here, like a new version of anacron that
adds a check for this particular issue, offering to fix it during
upgrade of the package.
Cheers,
Bastian
--
Dr. Bastian Venthur https://venthur.de
Debian Developer venthur at debian org
