FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-15-2008, 05:38 AM
Daniel Burrows
 
Default Packages temporarily disappearing from Testing/Lenny

On Mon, Apr 14, 2008 at 06:41:05PM -0700, David Fox <dfox94085@gmail.com> was heard to say:
> On Mon, Apr 14, 2008 at 1:02 PM, Ron Johnson <ron.l.johnson@cox.net> wrote:
> > I've looked thru "man apt.conf", "man apt_preferences" and "man
> > apt-get", but don't see any way to disable this.
>
> I use aptitude exclusively, and I've never managed to get it to pull
> in recommended packages. I basically go back in the buffer and cut &
> paste if I want them. Not the best way to do the job, I suppose.

aptitude has handled recommended packages since before apt-get did.
Do you have them disabled in ~/.aptitude/config? (that would be
"Aptitude::Recommends-Important=false" or, in newer versions,
"Apt::Install-Recommends=false")

Daniel


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-15-2008, 06:45 AM
Sven Joachim
 
Default Packages temporarily disappearing from Testing/Lenny

On 2008-04-15 01:47 +0200, Douglas A. Tutty wrote:

> On Mon, Apr 14, 2008 at 08:20:00PM +0200, David wrote:
>
>> comix - The version in Testing had security problems, so it was
>> removed automatically (however, the insecure version stayed in
>> Unstable). Almost a month later a fixed version was uploaded to stable
>> and 10 days later it moved to Testing.
>
> Everyone who thinks of using Sid needs to read and understand this
> paragraph. "However, the insecure version stayed in Unstable". Just
> because Sid includes the latest doesn't mean its the greatest. I don't
> think that, e.g. aptitude pops up a warning "WARNING: you are trying to
> install an insecure version of comix".

It is true that sid users should generally check out for grave bugs and
security issues of packages they want to install, but the same holds for
testing. After all, buggy packages will not be removed quickly and an
update will first be available in unstable before it migrates to testing.

> At least if you run testing, if something proves insecure it will
> be either fixed in unstable and migrate after 10 days, or (I think)
> will be removed from testing.

If the maintainer acts correctly and uploads the package with
urgency=high, it can migrate after only two days. However, that's often
not possible, because the package must also have been built on all 11
release architectures and its dependencies have to be fulfilled in
testing. For packages with many dependencies this does not seldom take
months. The testing-security support we now enjoy has mitigated the
situation somewhat, but testing is still the worst Debian branch
security-wise.

As for the removals: packages with many reverse dependencies or packages
that are very popular among users never get removed from testing, as far
as I can see. Otherwise the Mozilla packages would be out of testing
most of the time. :-/

> It is often said that our testing branch
> is like other distro's stable or release branch. This may be true, but
> Unstable (Sid) is unstable and at any given time may have serious
> security issues. Beware.

Security is really the least thing you have to worry about if you use
sid. The problems are elsewhere: packages may not be installable due to
missing dependencies (never happens in stable or testing), installation
fails (most common reason is that the package contains files that are
also in another package - never happens in stable and very rarely in
testing) or a package may not work at all for one or the other reason.
These are the real problems when you use sid, not security.

Sven


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-15-2008, 04:43 PM
Andrew Sackville-West
 
Default Packages temporarily disappearing from Testing/Lenny

we really need to conflate this thread with the sidux one...


On Tue, Apr 15, 2008 at 08:45:47AM +0200, Sven Joachim wrote:
> On 2008-04-15 01:47 +0200, Douglas A. Tutty wrote:
>
> > On Mon, Apr 14, 2008 at 08:20:00PM +0200, David wrote:
> >
> >> comix - The version in Testing had security problems, so it was
> >> removed automatically (however, the insecure version stayed in
> >> Unstable). Almost a month later a fixed version was uploaded to stable
> >> and 10 days later it moved to Testing.
> >
> > Everyone who thinks of using Sid needs to read and understand this
> > paragraph. "However, the insecure version stayed in Unstable". Just
> > because Sid includes the latest doesn't mean its the greatest. I don't
> > think that, e.g. aptitude pops up a warning "WARNING: you are trying to
> > install an insecure version of comix".
>
> It is true that sid users should generally check out for grave bugs and
> security issues of packages they want to install, but the same holds for
> testing. After all, buggy packages will not be removed quickly and an
> update will first be available in unstable before it migrates to
> testing.

is it not true that _security_ patches migrate to testing through a
different route than the one to sid? I kind of picture it like this:

testing security team "finds" security bug, writes patch and pushes it
to testing and (Probably?) passing it back upstream as well. THen
upstream incorporates the fix and it works its way into sid through
upstream's regular release cycle?

I suppose I should shut-up and start reading more about debian
security...

A
 
Old 04-15-2008, 06:27 PM
Sven Joachim
 
Default Packages temporarily disappearing from Testing/Lenny

On 2008-04-15 18:43 +0200, Andrew Sackville-West wrote:

> On Tue, Apr 15, 2008 at 08:45:47AM +0200, Sven Joachim wrote:
>> It is true that sid users should generally check out for grave bugs and
>> security issues of packages they want to install, but the same holds for
>> testing. After all, buggy packages will not be removed quickly and an
>> update will first be available in unstable before it migrates to
>> testing.
>
> is it not true that _security_ patches migrate to testing through a
> different route than the one to sid? I kind of picture it like this:
>
> testing security team "finds" security bug, writes patch and pushes it
> to testing and (Probably?) passing it back upstream as well. THen
> upstream incorporates the fix and it works its way into sid through
> upstream's regular release cycle?

In general, no. First, the testing security team also works as security
team for unstable: if the maintainer does not react in time and uploads
a fix himself, they usually upload directly to unstable as well.

Secondly, they only upload to testing-security if the fixed package for
unstable is not expected to migrate quickly. You can see¹ that Iceweasel
has still an unfixed version in testing, while both stable and unstable
have the latest upstream version. Apparently it did not build on mips
and mipsel.

> I suppose I should shut-up and start reading more about debian
> security...

I'd recommend to start with http://testing-security.debian.net/, that
gives a good overview what this team is about.

Regards,
Sven


¹ http://packages.qa.debian.org/i/iceweasel.html


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-15-2008, 11:34 PM
Andrew Sackville-West
 
Default Packages temporarily disappearing from Testing/Lenny

On Tue, Apr 15, 2008 at 08:27:15PM +0200, Sven Joachim wrote:
> On 2008-04-15 18:43 +0200, Andrew Sackville-West wrote:
>
> > On Tue, Apr 15, 2008 at 08:45:47AM +0200, Sven Joachim wrote:
> >> It is true that sid users should generally check out for grave bugs and
> >> security issues of packages they want to install, but the same holds for
> >> testing. After all, buggy packages will not be removed quickly and an
> >> update will first be available in unstable before it migrates to
> >> testing.
> >
> > is it not true that _security_ patches migrate to testing through a
> > different route than the one to sid? I kind of picture it like this:
> >
> > testing security team "finds" security bug, writes patch and pushes it
> > to testing and (Probably?) passing it back upstream as well. THen
> > upstream incorporates the fix and it works its way into sid through
> > upstream's regular release cycle?
>
> In general, no. First, the testing security team also works as security
> team for unstable: if the maintainer does not react in time and uploads
> a fix himself, they usually upload directly to unstable as well.
>
> Secondly, they only upload to testing-security if the fixed package for
> unstable is not expected to migrate quickly. You can see¹ that Iceweasel
> has still an unfixed version in testing, while both stable and unstable
> have the latest upstream version. Apparently it did not build on mips
> and mipsel.
>
> > I suppose I should shut-up and start reading more about debian
> > security...
>
> I'd recommend to start with http://testing-security.debian.net/, that
> gives a good overview what this team is about.


thanks.

A
 
Old 04-16-2008, 12:45 AM
"Douglas A. Tutty"
 
Default Packages temporarily disappearing from Testing/Lenny

On Mon, Apr 14, 2008 at 06:41:05PM -0700, David Fox wrote:
> On Mon, Apr 14, 2008 at 1:02 PM, Ron Johnson <ron.l.johnson@cox.net> wrote:
> > I've looked thru "man apt.conf", "man apt_preferences" and "man
> > apt-get", but don't see any way to disable this.
>
> I use aptitude exclusively, and I've never managed to get it to pull
> in recommended packages. I basically go back in the buffer and cut &
> paste if I want them. Not the best way to do the job, I suppose.

Run aptitude curses interface and choose the options you want.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 04:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org