[debian-mysql] Bug#914172: mariadb-server-10.1: mariadb-server sec-update (10.1.37-0+deb9u1) uninstalls default-mysql-server, mysql-server, mariadb-server-10.1 & mariadb-client-10.1
lamby at debian.org
Wed Dec 5 21:48:54 GMT 2018
> > You appear to be overly-preoccupied with persuing whether adding
> > dependencies is a "policy" or not but it remains unclear to me what you
> > would do with this information either way.
> Our current config rests on the assumption that all security updates
> (and their dependencies) will be hosted within the security apt repo.
> Judging by this occurrence, this is clearly not always the case. What we
> do next with this info depends on whether this is "how it is" (albeit
> uncommon) or a mistake.
I don't think it does/did. My reasoning was that either:
a) Packages "may" be added → you need to adjust your config as this
is something that can happen in practice, or;
b) Packages "may not" be added as a general rule and this was an
accident mistake or oversight → you need to adjust your config
anyway as its clearly something that can happen in the real
world regardless of learning what the policy is.
(This so-called "policy" could change in the future anyway for
special problems we have no possible idea today about the
solutions are. See, for example, new packages introduced as part
of DSA-1571-1, SPECTURE/meltdown detection, or whatever...)
As it happens "a)" is the reality — and it's naturally always good to
get clarification — but note that in both cases you need to upjust
your unattended-upgrades configuration, hence my use of "academic".
: :' : Chris Lamb
`. `'` lamby at debian.org / chris-lamb.co.uk
More information about the pkg-mysql-maint