Re: [Hampshire] Xorg is hungry today...

Author: Alan Pope
Date:  
To: lug, Hampshire LUG Discussion List
Subject: Re: [Hampshire] Xorg is hungry today...
2009/10/7 Vic <lug@???>:
> So what would happen in the event that a security upgrade *did* require
> new packages[1]?
>


It has happened in recent memory. If I recall correctly when the ssh
issue happened last year the ssh server package gained an extra
dependency "openssh-blacklist". If someone did a "safe-upgrade" or
"apt-get upgrade" then it would have 'held back' the ssh server
package. However a "sudo apt-get dist-upgrade" would pull it in.

> Would safe-upgrade refuse to install the security upgrade, or would it
> pull in the new dependency?
>


I believe it would not pull in the new dependency. Crazy though this
may sound, it gives the system administrator options:-

"I would like to always have the latest packages, no matter whether
this brings in new packages" -> apt-get dist-upgrade / aptitude
dist-upgrade

"I would like to make sure no _new_ code appears on my system, but
only updates to existing code" -> apt-get upgrade / aptitude
safe-upgrade

> It strikes me - and I could easily have misunderstood the distinction here
> - that the latter case here would make the option entirely irrelevant, but
> the former, whilst guarding against deviations of Policy by the repo
> maintainers, leaves known, patched problems in place.
>


Potentially yes. I never ever do a safe upgrade. I only ever do
dist-upgrades. Everyone has their own policy of how they manage code
on their hosts.

Cheers,
Al.
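
Added example (not part of the message above): a check that reports packages a plain "apt-get upgrade" would hold back, so a security fix that gained a new dependency does not stay unapplied unnoticed. The function names and the sample output are constructed for illustration; the parser assumes apt's English (LC_ALL=C) output from a simulated run.

```shell
#!/bin/sh
# Reads the text of `apt-get -s upgrade` on stdin and prints the
# kept-back package names, one per line.
kept_back() {
    LC_ALL=C awk '
        /^The following packages have been kept back:/ { in_list = 1; next }
        # Package names are indented; a non-indented line ends the list.
        in_list && /^[^ ]/ { in_list = 0 }
        in_list { for (i = 1; i <= NF; i++) print $i }
    '
}

# Returns 1 and lists the packages if anything is held back, else 0.
check_kept_back() {
    held=$(kept_back)
    if [ -n "$held" ]; then
        echo "Held back by 'upgrade' (needs dist-upgrade or explicit install):"
        echo "$held" | sed 's/^/  /'
        return 1
    fi
    return 0
}

# Constructed sample of simulated upgrade output (not captured from a host).
sample_output() {
    cat <<'EOF'
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  openssh-client openssh-server
The following packages will be upgraded:
  libexample1 tzdata
2 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
EOF
}

# Demo on the sample. On a real host:
#   LC_ALL=C apt-get -s upgrade | check_kept_back
sample_output | check_kept_back || true
```

The non-zero exit status makes it usable from cron or a monitoring check: the administrator who chooses "upgrade" as policy still gets told when an update is waiting on a new dependency.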