[Freedombox-pkg-team] Bug#962084: Adding buster-backport to apt sources on install seems wrong
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Jun 3 08:35:45 BST 2020
Package: plinth
Version: 20.10
severity: serious
Hi,
running into issues today I realized that the new freedombox 20.10 places
this file on disk:
$ cat /etc/apt/sources.list.d/freedombox2.list
# This file is managed by FreedomBox, do not edit.
# Allow carefully selected updates to 'freedombox' from backports.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
IMHO a package should not on-install mess with apt sources. Users just
don't expect this or the follow on consequences that can happen.
For example you are pinning python packages from backports which I'd expect
might lead to quite some dependency hell with other things installed.
I was facing this in Ubuntu where it is even more wrong and essentially
breaking `apt update`, but IMHO it is even wrong if not outright forbidden
by some policy in Debian. I mean adding 'buster-backports' and pinning to
them in e.g. 'sid' - to me that sounds like calling for trouble.
I'd ask you to reconsider and remove this behavior. If you want/need to
keep it then maybe at least consider adding a skip if `dpkg-vendor
--derives-from Ubuntu` is true. Would that work better for you?
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/freedombox-pkg-team/attachments/20200603/eb7a2071/attachment-0001.html>
More information about the Freedombox-pkg-team
mailing list