Re: Warning: Debian/testing full-upgrade removes security packages!
Hi. On Sun, Jul 15, 2018 at 01:02:48PM -0400, Roberto C. Sánchez wrote: > On Sun, Jul 15, 2018 at 06:07:32PM +0200, Hans wrote: > > Am Sonntag, 15. Juli 2018, 17:43:47 CEST schrieb Henrique de Moraes > > Holschuh: > > > > Maybe I was not clear enough. I did not mourn,. that packages are > > dienstalled, > > this may happen in testing. I mourned,m that almost ALL SECURITY related > > packages are deinstalled. And I would have nothing said, if it would have > > been > > one or maybe two, bat ALL most important rootkit watchers? And intrusion > > detection? This was the point. > > The idea that this is part of some conspiracy just seems wrong. There > must be another logical explanation. I'd put my money on some debconf breakage (the only Depends all those packages have at common), but [1] claims that the most recent debconf migration to testing happened a month ago. Next most possible candidate is a perl-base, but if [2] is to be trusted, perl migration to testing was more than a month ago too. So a conspiracy idea does not seem that weird. On the contrary, it would look absolutely hilarious in the light of the news such as [3]. Or it might be broken Debian mirror that OP's using. Reco [1] https://tracker.debian.org/pkg/debconf [2] https://tracker.debian.org/pkg/perl [3] https://linux.slashdot.org/story/18/06/09/052249
Re: Warning: Debian/testing full-upgrade removes security packages!
Henrique de Moraes Hols writes: > Same goes for dist-upgrade. dist-upgrade/full-upgrade will more > aggressively attempt to remove packages than the alternatives > safe-upgrade and upgrade. I always do "upgrade" and look at what did not get upgraded and why. I then sometimes follow with "full-upgrade" and other times just upgrade selected packages. Testing is always consistent but not always complete. Unstable is always complete but not always consistent. Only Stable is both. -- John Hasler jhas...@newsguy.com Elmwood, WI USA
Re: Warning: Debian/testing full-upgrade removes security packages!
On Sun, Jul 15, 2018 at 06:07:32PM +0200, Hans wrote: > Am Sonntag, 15. Juli 2018, 17:43:47 CEST schrieb Henrique de Moraes Holschuh: > > Maybe I was not clear enough. I did not mourn,. that packages are > dienstalled, > this may happen in testing. I mourned,m that almost ALL SECURITY related > packages are deinstalled. And I would have nothing said, if it would have > been > one or maybe two, bat ALL most important rootkit watchers? And intrusion > detection? This was the point. > What you are writing does not make sense. I almost replied to your first message after you posted it, but I had to leave. After researching the packages you mention, they are all currently in testing. That means that the removal would have to be triggered by a package conflict. Even if a package were not in testing, the system would not automatically removed it (unless you explicitly removed packages without a corresponding apt source). Can you post your sources.list and/or sources.list.d/ entries and also your dpkg.log that shows the specific packages being removed? The idea that this is part of some conspiracy just seems wrong. There must be another logical explanation. Regards, -Roberto -- Roberto C. Sánchez
Re: Warning: Debian/testing full-upgrade removes security packages!
Am Sonntag, 15. Juli 2018, 17:43:47 CEST schrieb Henrique de Moraes Holschuh: Maybe I was not clear enough. I did not mourn,. that packages are dienstalled, this may happen in testing. I mourned,m that almost ALL SECURITY related packages are deinstalled. And I would have nothing said, if it would have been one or maybe two, bat ALL most important rootkit watchers? And intrusion detection? This was the point. Best regards Hans > On Sun, 15 Jul 2018, The Wanderer wrote: > > >> be warned: Wheh you do apt full-upgrade, > > > > > > You're in testing: what are you "full-upgrade"-ing to and why? > > > > To testing, of course. > > Eh, I believe the meant that as "why are you using full-upgrade instead > of safe-upgrade or upgrade" (depending on which frontend), which are not > nearly as aggressive at removing packages. > > Same goes for dist-upgrade. dist-upgrade/full-upgrade will more > aggressively attempt to remove packages than the alternatives > safe-upgrade and upgrade. AFAIK, anyway.
Re: Warning: Debian/testing full-upgrade removes security packages!
On Sun, 15 Jul 2018, The Wanderer wrote: > >> be warned: Wheh you do apt full-upgrade, > > > > You're in testing: what are you "full-upgrade"-ing to and why? > > To testing, of course. Eh, I believe the meant that as "why are you using full-upgrade instead of safe-upgrade or upgrade" (depending on which frontend), which are not nearly as aggressive at removing packages. Same goes for dist-upgrade. dist-upgrade/full-upgrade will more aggressively attempt to remove packages than the alternatives safe-upgrade and upgrade. AFAIK, anyway. -- Henrique Holschuh
Re: Warning: Debian/testing full-upgrade removes security packages!
On 2018-07-15 at 10:09, David Wright wrote: > On Sun 15 Jul 2018 at 07:49:36 (+0200), Hans wrote: > >> Hi folks, >> >> be warned: Wheh you do apt full-upgrade, > > You're in testing: what are you "full-upgrade"-ing to and why? To testing, of course. Just because you're running testing doesn't mean the package versions you have installed are the ones currently available from testing. If you last upgraded more than about a day ago, there's a very good chance that one or more of your installed packages has a newer version available in testing now. Running upgrade commands on at least an intermittent basis is just good, normal practice for tracking testing. That said, the nature of testing does sometimes mean that the result is not entirely stable and consistent, so occasionally you get undesired package-removal results such as the ones described in this thread. The solution is generally to either specify explicitly (on the upgrade command line) which packages you want to retain, or wait until whatever dependency-resolution situation led to the problem gets resolved. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Warning: Debian/testing full-upgrade removes security packages!
On Sun 15 Jul 2018 at 07:49:36 (+0200), Hans wrote: > Hi folks, > > be warned: Wheh you do apt full-upgrade, You're in testing: what are you "full-upgrade"-ing to and why? > then most security tools, we rely on, > are deinstallesd. These are rkhunter, chrootkit, autopsy, tripwire, > needrestart and tiger. Also forensics-full and forensics-all are deinstalled > (however, this might have other reasons). > > This is no good behaviour, and it looks for me like the preparation for a > global attack on debian. > > Maybe it is wanted by the maintainers, but to remove suddenly almost all of > the most effective tools looks very, very fishy to me! > > Keep your eyes open, the NSA is everywhere. Cheers, David.
Re: Warning: Debian/testing full-upgrade removes security packages!
On 07/15/2018 02:49 PM, Hans wrote: > be warned: Wheh you do apt full-upgrade, then most security tools, we rely > on, > are deinstallesd. These are rkhunter, chrootkit, autopsy, tripwire, > needrestart and tiger. Also forensics-full and forensics-all are deinstalled > (however, this might have other reasons). Most likely the upgrade is changing packages that are depended on by the packages you mention. Just re-install them. Just examine which packages are being changed, see why apt wants to uninstall, and reinstall if needed. > This is no good behaviour, and it looks for me like the preparation for a > global attack on debian. The extent of the evidence that supports the idea that this is in fact an attack on Debian is just that apt is removing these packages on update. This behavior could be explained by other means, without first jumping to conclusions about NSA interference. "Never attribute to malice that which is adequately explained by stupidity." or, in this case, basically any simpler explanation than "the preparation for a global attack on debian". I believe it would have been more helpful if this had been written as a question on why apt might be removing said packages on upgrade, with more context, instead of spreading FUD on the list.
