Hi Alberto, Alberto Garcia writes:
> On Sat, Jun 05, 2021 at 11:45:45AM +0900, Olaf Meeuwissen wrote: > >> In the mean time, I'll just `apt purge` the added packages. In my >> case these were the >> >> Package changes: >> + fuse 2.9.9-1+deb10u1 amd64 >> + libpipewire-0.2-1 0.2.5-1 amd64 >> + xdg-desktop-portal 1.2.0-1 amd64 >> + xdg-desktop-portal-gtk 1.2.0-1 amd64 > > Yes, these are the actual new dependencies. Plus whatever these depend on that wasn't already installed. I haven't really pruned my Recommends: but other folks may have. > Future security updates and buster backports will Suggest > xdg-desktop-portal-gtk, although in bullseye it will still be a > recommendation. Good. I don't mind packages acquiring Recommends in testing/unstable. I do mind when that happens in stable-security. > I don't think there's any better way to have those packages removed > automatically (certainly not a Conflicts, many people had them > installed anyway). Apart from a couple of MBs of extra used disk > space, is there anything particularly worrying you? Bloat. Increased attack surface. As far as libwebkit2gtk-4.0-37 is concerned, it happened and everyone that cares has to clean up manually. That's too bad. Just let this be a warning for *all* stable-security packages to pay some extra attention to changing dependencies. If it's only changing versions of packages already depended upon, that _probably_ okay. New packages should raise a red flag. Hope this helps, -- Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Software https://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join
