Bug#473082: marked as done (unattended-upgrades: Description wrongly implies it will run automatically)

Sat, 23 Oct 2010 07:24:27 -0700 

Your message dated Sat, 23 Oct 2010 16:16:23 +0200
with message-id <201010231616.24280.deb...@layer-acht.org>
and subject line close
has caused the Debian Bug report #473082,
regarding unattended-upgrades: Description wrongly implies it will run 
automatically
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
473082: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473082
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: unattended-upgrades
Version: 2.0
Severity: critical
Tags: security

See the package description:

Description: Install security upgrades automatically
 This package will download and install security upgrades automatically
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 and unattended. It will take care to only install packages from the
 ^^^^^^^^^^^^^^
 configured origin and will check for conffile prompts.

It does no such thing. Not even if /usr/bin/unattended-upgrade is run
manually does it actually install the upgrades, it just downloads
them! It writes to its log files what commands it should have run to
actually install the upgrades.

The reason I set this bug to critical and tag it security is that the
package promises to install security upgrades for the user but fails
to act on that promise. This tricks the user into a false sense of
security. There are no doubt users running insecure kernels and other
software because of this bug.

Regards,

-- 
Göran Weinholt. Debian developer. Network administrator.
"Wow! My entire arm disintegrated!" -- Spongebob Squarepants

--- End Message ---
--- Begin Message --- 
fixed: 0.25.1debian1-0.1

Hi Anthony,

re: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473082#63

Anybody can close bugs and if a bug has been closed correctly, nobody will 
complain about this, no matter who closed it :-)


cheers,
        Holger

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---

Reply via email to