Control: tags -1 confirmed Hi Paul,
Paul Wise <[email protected]> ezt írta (időpont: 2018. aug. 11., Szo, 4:45): > > Package: unattended-upgrades > Version: 1.4 > Severity: serious > > Recently I have had unattended-upgrades upgrade random packages from > testing to experimental. If I downgrade the packages upgraded, I won't > get the same packages upgraded the next day. I run apt-show-versions > daily and save the output to my mail store. Using my mail store I found > that the first instance of this happening was on 2018-07-06, there were > earlier instances but they were from me manually installing packages > from experimental and u-u doing subsequent upgrades. I noticed that I > upgraded unattended-upgrades on that date from 1.3 to 1.4. I'm not > sure, but the changelog indicates some package candidate changes, > perhaps this caused the issue? I think this bug should be fixed before> > Debian releases buster, this could break some setups. Unattended-upgrades respect pinning to a very little extent and when I started adding support it turned out that python-apt had less than sufficient support for pinning to fix u-u. Julian kindly fixed [1] python-apt quickly in git , and u-u needs this fix in the archive before it can grow pinning support (and make the current support work). I proposed [2] a candidate adjustment fix which includes picking only lower versions of packages originally offered by apt's resolver which I believe would help in not upgrading packages to experimental. Since pinning support in u-u never worked IMO the proper severity would be 'important' rather than serious but I'd like to get this fixed for Buster, too. Cheers, Balint [1] https://salsa.debian.org/apt-team/python-apt/commit/75272eeffc04d4a7345e0c1095157e9d552ada1d [2] https://github.com/mvo5/unattended-upgrades/pull/137/commits/cf074c0cca1e6e9a01c7a881d362c3def85542d8

