It seems packages from the debian-security repository are not affected by this increased priority and will not get intalled as a result.
On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote:
It seems packages from the debian-security repository are not affected by this increased priority and will not get intalled as a result.
This was documented in the release notes for Debian bullseye:
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
I have updated a few wiki pages that mention APT::Default-Release too.
https://wiki.debian.org/DebianUnstable?action=diff&rev1=144&rev2=145 https://wiki.debian.org/DebianEdu/Status/Bullseye?action=diff&rev1=107&rev2=108
https://wiki.debian.org/Wajig?action=diff&rev1=20&rev2=21 https://wiki.debian.org/FunambolInstallation?action=diff&rev1=9&rev2=10
If there is other documentation of APT::Default-Release that should get updated, please let us know so that we can fix it.
Do you have any references on how this decision came to be?
One mention I found is in Raphaël and Roland's DAH (now in CC): https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade
The places I'm most concerned about, people's brains and random web sites, aren't so easily fixed unfortunately. Advice to set this is splattered all over the web, I really don't understand why we made a change so seemingly
ill advised as this?
A web search for "Debian Default-Release security" didn't reveal anything talking about this problem, especially not our release notes, so I think
this change didn't get the publicity it deserves at the very least.
What I don't understand is why the security repo codename wasn't changed to $codename/security? Wouldn't that be handled correctly by APT? Unless the /update string in particular had special handling?
One mention I found is in Raphaël and Roland's DAH (now in CC): https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade
Probably better to file a bug about this, so it is tracked.
What I don't understand is why the security repo codename wasn't changed to $codename/security? Wouldn't that be handled correctly by APT? Unless the /update string in particular had special handling?
You will have to ask the apt developers and archive admins about this,
but at the end of the day reverting it is unlikely to happen, so
probably it is something everyone will just have to learn to live with.
You will have to ask the apt developers and archive admins about this,
but at the end of the day reverting it is unlikely to happen, so
probably it is something everyone will just have to learn to live with.
What about to add a warning to apt if *-security or *-updates is
configured in the sources list and `APT::Default-Release` is set but
does not match the security or updates repo?
One mention I found is in Raphaël and Roland's DAH (now in CC): https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 03:33:54 |
Calls: | 6,666 |
Files: | 12,212 |
Messages: | 5,335,702 |