[Discover] [Bug 509700] New: Security updates are not treated like security updates

Sat, 20 Sep 2025 00:43:53 -0700 

https://bugs.kde.org/show_bug.cgi?id=509700

            Bug ID: 509700
           Summary: Security updates are not treated like security updates
    Classification: Applications
           Product: Discover
      Version First 6.3.6
       Reported In:
          Platform: Debian stable
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: PackageKit
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
  Target Milestone: ---

SUMMARY

Updates coming from PackageKit are (incorrectly) treated like normal updates.
This has at least two effects:

- DiscoverNotifier doesn't prioritize its status icon as it should when
security updates are pending.
- DiscoverNotifier chooses the wrong icon: the one with the blue dot instead of
the one with the red dot.

STEPS TO REPRODUCE
1. Wait for a security update to be published on a distro that uses the
PackageKit backend.
2. Check for updates in Discover.

OBSERVED RESULT

If a status icon is shown, it's the one with the blue dot.

EXPECTED RESULT

The status icon with the red dot should be shown.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.3.6
KDE Frameworks Version: 6.13.0
Qt Version: 6.8.2

ADDITIONAL INFORMATION

This is caused by a change within PackageKit: When sending Package and Packages
signals over d-bus, the info argument now contains two values packed into one
PkInfoEnum. The original info value is still present, and a new severity value
is shifted 16 bits and bitwise-OR-ed with the info value. Consequently, it
doesn't match any of the values that PackageKitNotifier::package() tests for,
so the special case for security updates never fires.

It's worth noting that recent packagekit-glib2 versions decode the two values,
but our PackageKitBackend doesn't use that library. In the long term, I suppose
it might be worth adding or changing a PackageKit-Qt interface to do the same.

For now, I have locally applied a patch that teaches PackageKitBackend to
decode the values and once again recognize security updates. I could submit it
as a merge request.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to