Bug#929248: changed its 'Suite' value from 'buster' to 'testing' ...

To: Julian Andres Klode <jak@debian.org>, Adam Borowski <kilobyte@angband.pl>, 929248@bugs.debian.org, Osamu Aoki <osamu@debian.org>
Subject: Bug#929248: changed its 'Suite' value from 'buster' to 'testing' ...
From: Csillag Tamas <cstamas@digitus.itk.ppke.hu>
Date: Sun, 15 Aug 2021 16:08:33 +0200
Message-id: <[🔎] YRkf4WoZgleLp4nY@rivendell.itk.ppke.hu>
Reply-to: Csillag Tamas <cstamas@digitus.itk.ppke.hu>, 929248@bugs.debian.org
In-reply-to: <20190707182325.GA21695@debian.org>
References: <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de> <20190707133449.GA6789@goofy.osamu.debian.net> <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de> <20190707152627.GB28565@angband.pl> <20190707182325.GA21695@debian.org> <155830187792.29069.7105802844048789084.reportbug@sschum-wirt.lan.tarent.de>

Hi,

On Sun, Jul 07, 2019 at 06:27:02PM +0200, Julian Andres Klode wrote:
> On Sun, Jul 07, 2019 at 05:26:27PM +0200, Adam Borowski wrote:
> > 
> > But, it's worse than merely annoying users of unstable and testing.  Two
> > years from now, millions of boxes will have "buster" change to "oldstable",
> > and, with cron mails currently being null-routed by default, no one will see
> > that[1].  Thus, a significant part of users will have security updates
> > suddenly stopped despite nothing relevant to them happening.
> > 
> > And this particular piece deserves a high severity.
> 
> Luckily we have about two years to deal with this (well, let's say 18
> months or so, gotta give people time to update before the new stable).

fwiw. what Adam predicted is exactly what happened today:

# apt-get update
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
Get:3 http://ftp.de.debian.org/debian buster InRelease [122 kB]
Reading package lists... Done
E: Repository 'http://security.debian.org buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://ftp.de.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

100 # cat /etc/debian_version
10.9

why I use apt-get instead of apt you ask?
Because that is what ansible does.

I can solve this for myself, but everyone needs to deal with it on its own.
(I have no idea if other cfg management systems deal with this any better or not)
Looking at the manpages to check if apt-get is deprecated I found that apt-get
is still preferred for scripting in general.

I usually run an ad-hoc command on all hosts with: "apt-get --allow-releaseinfo-change update".
What should ansible do? What is a better solution than running this after every release?

Regards,
 cstamas
--

Reply to:

Follow-Ups:
- Bug#929248: changed its 'Suite' value from 'buster' to 'testing' ...
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: apt_2.3.8_source.changes ACCEPTED into unstable
Next by Date: Bug#929248: changed its 'Suite' value from 'buster' to 'testing' ...
Previous by thread: apt_2.3.8_source.changes ACCEPTED into unstable
Next by thread: Bug#929248: changed its 'Suite' value from 'buster' to 'testing' ...
Index(es):
- Date
- Thread