Re: apt/dselect anomaly
On Sun, May 18, 2008 at 08:33:35PM -0400, Marty [EMAIL PROTECTED] was heard to say: I usually keep current with the Debian archive using apt-get. Sometimes, however, I install programs using dselect. After upgrading to the latest Debian archive using apt-get update/upgrade, I got the following message while running dselect: The following packages will be upgraded: openssh-client openssh-server It happened on two different similarly configured machines. I'm pretty sure this has never happened to me before. I have always thought that upgrading using either apt-get or dselect (using the apt method) were equivalent, at least with respect to staying current with the archive. Am I missing something major? Thanks for any illumination. The latest version of openssh-server depends on openssh-blacklist due to the security problems with openssl that came up recently. If you only use apt-get upgrade, openssh-server won't get upgraded because upgrade refuses to install new packages. Did openssh-blacklist get installed too when you used dselect? Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt/dselect anomaly
Daniel Burrows wrote: On Sun, May 18, 2008 at 08:33:35PM -0400, Marty [EMAIL PROTECTED] was heard to say: I usually keep current with the Debian archive using apt-get. Sometimes, however, I install programs using dselect. After upgrading to the latest Debian archive using apt-get update/upgrade, I got the following message while running dselect: The following packages will be upgraded: openssh-client openssh-server It happened on two different similarly configured machines. I'm pretty sure this has never happened to me before. I have always thought that upgrading using either apt-get or dselect (using the apt method) were equivalent, at least with respect to staying current with the archive. Am I missing something major? Thanks for any illumination. The latest version of openssh-server depends on openssh-blacklist due to the security problems with openssl that came up recently. If you only use apt-get upgrade, openssh-server won't get upgraded because upgrade refuses to install new packages. Did openssh-blacklist get installed too when you used dselect? Yes. I had missed the warning about the kept back packages. Thanks. I have repeated the upgrade with another machine to confirm this explanation: apt-get update/upgrade outputs in part: The following packages have been kept back: openssh-client openssh-server The following packages will be upgraded: libssl0.9.8 linux-source-2.6.18 openssl rdesktop ssh dselect outputs in part: The following NEW packages will be installed: openssh-blacklist The following packages will be upgraded: openssh-client openssh-server 2 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
apt/dselect anomaly
I usually keep current with the Debian archive using apt-get. Sometimes, however, I install programs using dselect. After upgrading to the latest Debian archive using apt-get update/upgrade, I got the following message while running dselect: The following packages will be upgraded: openssh-client openssh-server It happened on two different similarly configured machines. I'm pretty sure this has never happened to me before. I have always thought that upgrading using either apt-get or dselect (using the apt method) were equivalent, at least with respect to staying current with the archive. Am I missing something major? Thanks for any illumination. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt/dselect anomaly
Marty [EMAIL PROTECTED]: I usually keep current with the Debian archive using apt-get. Sometimes, however, I install programs using dselect. After upgrading to the latest Debian archive using apt-get update/upgrade, I got the following message while running dselect: The following packages will be upgraded: openssh-client openssh-server It happened on two different similarly configured machines. I'm pretty sure this has never happened to me before. I have always thought that upgrading using either apt-get or dselect (using the apt method) were equivalent, at least with respect to staying current with the archive. Am I missing something major? Thanks for any illumination. http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141r1=140r2=141 A major flaw has been discovered in the way Debian has been creating ssh and ssl keys. I'm surprised anyone's not heard of it yet. Upgrading those two packages places you in a position to fix the problem as it affects your systems. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]