Re: Unstable update ridiculousness

[Default User]

On Thu, Sep 20, 2018, 18:39 Ben Caradoc-Davies  wrote:

> On 21/09/2018 07:51, Default User wrote:
> > Using advice given, using apt-listings and aptitude full-update, l was
> able
> > to update everything except the 3 packages in question, which are now
> > "pinned", with a priority of 3000.
>
> I find apt-mark hold more convenient than pinning.
>
> > I do have both cron and anacron installed, but have never used or done
> > anything to configure them. Note: the computer in question is not on
> 24/7,
> > but is normally on part of every day. Thus anacron, per the apt-listbugs
> > man page.
>
> I mask cron and anacron because I prefer manual control of all system
> maintenance tasks.
>
> Kind regards,
>
> --
> Ben Caradoc-Davies 
> Director
> Transient Software Limited 
> New Zealand
>


Now you tell me . . .
: )

Re: Unstable update ridiculousness

[Ben Caradoc-Davies]

On 21/09/2018 07:51, Default User wrote:

Using advice given, using apt-listings and aptitude full-update, l was able
to update everything except the 3 packages in question, which are now
"pinned", with a priority of 3000.


I find apt-mark hold more convenient than pinning.


I do have both cron and anacron installed, but have never used or done
anything to configure them. Note: the computer in question is not on 24/7,
but is normally on part of every day. Thus anacron, per the apt-listbugs
man page.


I mask cron and anacron because I prefer manual control of all system 
maintenance tasks.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: Unstable update ridiculousness

[Default User]

>
>
>
Hi guys. Thank you for your replies.

Please note that I am really not familiar with either cron or (especially)
with package pinning.

Using advice given, using apt-listings and aptitude full-update, l was able
to update everything except the 3 packages in question, which are now
"pinned", with a priority of 3000.

I do have both cron and anacron installed, but have never used or done
anything to configure them. Note: the computer in question is not on 24/7,
but is normally on part of every day. Thus anacron, per the apt-listbugs
man page.

If I understand correctly, a cron job has been created automatically, which
will check each day automatically, and automatically in-pin the packages in
question when they are eligible for upgrade. Is this correct?

If not, will I have to manually delete the cron job in question and/or
manually edit/delete the package pinning, once the packages in question
have been upgraded?

Finally, how can I verify that said cron job was created and enabled
(correctly)?

Re: Unstable update ridiculousness

[Roberto C . Sánchez]

On Thu, Sep 20, 2018 at 08:17:51AM -0500, John Hasler wrote:
> didier gaumet writes:
> > Please note that security updates for "unstable" distribution are not
> > managed by the security team. Hence, "unstable" does not get security
> > updates in a timely manner.
> 
> There is no promise of security updates to Unstable but in practice the
> developers upload fixes quite promptly.

To be clear, *targeted* security fixes to unstable are exceptionally
uncommon.  What usually happens is that new upstream releases that fix
security issues tend to be uploaded to unstable.  This sometimes happens
promptly and at other times can come with significant delay.

The reason for the distinction of the targeted security fixes is that
upstream may fix a reported security issue in their development
repository, but it may be some weeks or months before a new upstream
release is made with the fix.  There are occasions where the package
maintainer may cherry-pick the relevant commit(s), as is done for stable
security updates.  However, this is not the norm.  Some upstreams
actually make an effort to obfuscate which commits fix which security
vulnerabilities, which makes the matter even more challenging.

The point is that those who rely on timely security fixes should look
elsewhere than unstable and testing.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Unstable update ridiculousness

[John Hasler]

didier gaumet writes:
> Please note that security updates for "unstable" distribution are not
> managed by the security team. Hence, "unstable" does not get security
> updates in a timely manner.

There is no promise of security updates to Unstable but in practice the
developers upload fixes quite promptly.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Unstable update ridiculousness

[Joe]

On Thu, 20 Sep 2018 13:26:05 +1200
Ben Caradoc-Davies  wrote:

> Read the bug reports and decide whether any of them will hurt you:
> 
> On 20/09/2018 12:54, Default User wrote:
> > grave bugs of libtracker-sparql-2.0-0 (2.0.3-3 → 2.1.4-1)
> >  b1 - #908800 - nautilus: can't use nautilus without
> > tracker  
> 
> If you use nautilus, "apt-get install tracker".
> 

That was documented late, I never saw that that bug message until after
I'd installed it, and nautilus failed to materialise when I had a
client standing behind me. Fortunately, I also keep nemo installed and
moved on with barely any fuss... I like nautilus, but it does have its
moments.

I later discovered the issue for myself on the Net.

-- 
Joe

Re: Unstable update ridiculousness

[Joe]

On Wed, 19 Sep 2018 21:16:30 -0400
Default User  wrote:

> On Wed, Sep 19, 2018 at 9:05 PM John Hasler 
> wrote:
> 
> > You are running Unstable.  It can be like that.
> > --
> > John Hasler
> > jhas...@newsguy.com
> > Elmwood, WI USA
> >
> >  
> 
>  182 packages?

No, three. The rest can be upgraded. I usually switch to synaptic when
this happens, I find it easier to select the ones which will go. I've
never got along with aptitude interactive for some reason.

The same happens when some parts of a large set of packages are
upgradeable and some aren't, like Qt or libreoffice. I upgrade the
ones which aren't affected, and decline the offer to remove 350
packages.

In fact, I often accept buggy upgrades if the problems aren't likely to
affect me. I rarely use apt-cache on this machine, so I accepted that
one. Failed To Build From Source is another one that doesn't worry me,
because I don't.

-- 
Joe

Re: Unstable update ridiculousness

[didier gaumet]

Le 20/09/2018 à 03:16, Default User a écrit :

>  182 packages?

from https://www.debian.org/releases/sid/ :

"The unstable distribution ("sid")

The code name for Debian's development distribution is "sid", aliased to
"unstable". Most of the development work that is done in Debian, is
uploaded to this distribution. This distribution will never get
released; instead, packages from it will propagate into testing and then
into a real release.

Please note that security updates for "unstable" distribution are not
managed by the security team. Hence, "unstable" does not get security
updates in a timely manner. For more information please see the Security
Team's FAQ.

"sid" is subject to massive changes and in-place library updates. This
can result in a very "unstable" system which contains packages that
cannot be installed due to missing libraries, dependencies that cannot
be fulfilled etc. Use it at your own risk!"

Re: Unstable update ridiculousness

[Ben Caradoc-Davies]

Read the bug reports and decide whether any of them will hurt you:

On 20/09/2018 12:54, Default User wrote:

grave bugs of libtracker-sparql-2.0-0 (2.0.3-3 → 2.1.4-1) 
  b1 - #908800 - nautilus: can't use nautilus without tracker


If you use nautilus, "apt-get install tracker".


serious bugs of apt (1.6.4 → 1.7.0~rc1) 
  b2 - #909155 - apt-cache show multiple packages produces invalid output


Meh. Should be fixed. No doubt it will be fixed. But until then, I do 
not care.



serious bugs of colord (1.3.3-2 → 1.4.3-3) 
  b3 - #908735 - colord: need to build-depend on argyll


Only affects building this package, not end users.


Summary:
  apt(1 bug), colord(1 bug), libtracker-sparql-2.0-0(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...] n


At this point, instead of "n", just press "Enter".

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: Unstable update ridiculousness

[Default User]

On Wed, Sep 19, 2018 at 9:05 PM John Hasler  wrote:

> You are running Unstable.  It can be like that.
> --
> John Hasler
> jhas...@newsguy.com
> Elmwood, WI USA
>
>

 182 packages?

Re: Unstable update ridiculousness

[John Hasler]

You are running Unstable.  It can be like that.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA