On 2019-05-10 13:45 -0500, David Wright wrote:
> On Fri 10 May 2019 at 20:14:20 (+0200), Sven Joachim wrote:
>> On 2019-05-08 13:14 -0500, David Wright wrote:
>>
>> > I'm trying to ascertain what APT::Default-Release can do for me,
>> > and what it constrains. In the output that follows, why does
>> > APT::Default-Release prevent firefox from being upgraded?
>>
>> Because stretch-updates ≢ stretch, see bug #173215[1] (with
>> -proposed-updates rather than -updates).
>
> Thanks for the reply. (I had just pointed out elsewhere that no answer
> had been forthcoming, so you've made a liar of me!)
>
> Perhaps a note to that effect might have been added to man apt.conf
> which was written (or revised) 14 years after the bug surfaced.
>
> Does this mean APT::Default-Release is a security risk,
Not really, but if you don't have entries for newer releases in your
sources.list, then APT::Default-Release is unnecessary. Personally I
find it clearer to use explicit pinning in apt-preferences.
> or is
> the behaviour of stretch/updates different from that of
> stretch-updates because of the slash? (I don't find the deb lines
> in sources.list easy to parse as a human.)
It's because the Codename (and Release) fields are different:
stable/updates on the security mirror uses "Codename: stretch" while
stable-updates uses "Codename: stretch-updates". Yes, this is
confusing.
Cheers,
Sven
