[Aptitude-devel] Bug#833483: aptitude: doesn't detect obsolete candidate package (versions)

Christoph Anton Mitterer calestyo at scientia.net
Tue Aug 2 14:00:27 UTC 2016

Package: aptitude
Version: 0.8.2-1
Severity: important
Tags: security


I've just stumbled over the following:
Aptitude doesn't seem to tell people when the candidate and/or installed version
of a package is obsolete.

- Debian seems to have removed the transcode package already back in March.
- DMO still ships it however.
- I do have the transcode package from Debian installed.
- Via apt_preferences, all but a few packages from the DMO repos are "disabled".

Thus I'd never get any candidate version from DMO, while aptitude still shows
me the package not being obsolete.
In a way, of course, it is not fully obsolete, but it will never get any updates
thus no security updates either.

This is also what I think makes this issue important/security:
One ends up in a situation where the use will neither get updates (cause it's no
longer in Debian), nor will he even notice that this is the case (not being
showed as obsolete).


More information about the Aptitude-devel mailing list