On 28/2/25 11:57, Colin Watson wrote:
Ian Fleming wrote: "Once is happenstance. Twice is coincidence. The
third time it's enemy action." I've only got as far as coincidence so
far, but it's still enough to make me wonder.
No need to turn to paranoia in this case :)
[snip]
This is clearly (to my mind) a misconfiguration,
INDEED. And maybe a (minor) documentation bug, given that Debian
installer would never enable *only* security updates....
My (humble) opinion reasoning on this is: some admin, probably coming
from other environments/distros, understood that enabling ONLY security
updates would provide all the stability guarantees they want --- i.e. no
incompatible upgrades during the lifecycle of the release.
so I've rejected them as bugs on openssh: we don't support installing
only security updates and never upgrading to packages from new point
releases, because those aren't rigorously separate streams: security
updates are built against the stable suite and so may pick up
versioned dependencies against it. But seeing two users who seem to
have their systems configured this way makes me wonder what's going
on. Does anyone know of documentation somewhere that recommends
configuring stable systems this way?
Not in Debian, that I know of .... but I can easily understand where the
reasoning that led to this misconfiguration came from; I have actually
seem them live :)
Humble suggestion to add an (overrideable) warning to APT to this
effect? Something along the lines of "W: Configuring only security
updates for suite $suite is not officially supported, and can create
installability conflicts"
Stressing the "officially" here: it can work; will usually work....
until it doesn't (like for these bugs). But it's not the maintainer's fault.
Just my .02€. HTH
--
Parkinson's Law: Work expands to fill the time alloted to it.
