This is also being discussed on a Debian Salsa issue. Cross-linking. https://salsa.debian.org/freedombox-team/freedombox/-/issues/1855
On 03/06/20 1:05 pm, Christian Ehrhardt wrote: > Package: plinth > Version: 20.10 > severity: serious > > Hi, > running into issues today I realized that the new freedombox 20.10 > places this file on disk: > $ cat /etc/apt/sources.list.d/freedombox2.list > # This file is managed by FreedomBox, do not edit. > # Allow carefully selected updates to 'freedombox' from backports. > deb http://deb.debian.org/debian buster-backports main > deb-src http://deb.debian.org/debian buster-backports main > > IMHO a package should not on-install mess with apt sources. Users just > don't expect this or the follow on consequences that can happen. > For example you are pinning python packages from backports which I'd > expect might lead to quite some dependency hell with other things installed. > > I was facing this in Ubuntu where it is even more wrong and essentially > breaking `apt update`, but IMHO it is even wrong if not outright > forbidden by some policy in Debian. I mean adding 'buster-backports' and > pinning to them in e.g. 'sid' - to me that sounds like calling for trouble. > > I'd ask you to reconsider and remove this behavior. If you want/need to > keep it then maybe at least consider adding a skip if `dpkg-vendor > --derives-from Ubuntu` is true. Would that work better for you? > > -- > Christian Ehrhardt > Staff Engineer, Ubuntu Server > Canonical Ltd -- Regards, Joseph Nuthalapati
signature.asc
Description: OpenPGP digital signature
