Package: plinth Version: 20.10 severity: serious Hi, running into issues today I realized that the new freedombox 20.10 places this file on disk: $ cat /etc/apt/sources.list.d/freedombox2.list # This file is managed by FreedomBox, do not edit. # Allow carefully selected updates to 'freedombox' from backports. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main
IMHO a package should not on-install mess with apt sources. Users just don't expect this or the follow on consequences that can happen. For example you are pinning python packages from backports which I'd expect might lead to quite some dependency hell with other things installed. I was facing this in Ubuntu where it is even more wrong and essentially breaking `apt update`, but IMHO it is even wrong if not outright forbidden by some policy in Debian. I mean adding 'buster-backports' and pinning to them in e.g. 'sid' - to me that sounds like calling for trouble. I'd ask you to reconsider and remove this behavior. If you want/need to keep it then maybe at least consider adding a skip if `dpkg-vendor --derives-from Ubuntu` is true. Would that work better for you? -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd