[Python-apps-team] Bug#970071: mercurial: bullseye: /updates -> -security
Paul Wise
pabs at debian.org
Fri Sep 11 06:46:22 BST 2020
Source: mercurial
Version: 5.5.1-1
Severity: minor
File: contrib/automation/hgautomation/linux.py
User: debian-devel at lists.debian.org
Usertags: bullseye-security
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.
In the mercurial source package there appears to be a script that
generates a Debian chroot/container for building packages and that
script relies on appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container. I suggest that this script check the version of the
Debian release in question using distro-info and then if the release is
11 or higher, then use $release-security otherwise use $release/updates
as before. It is much better to use distro-info than to hard-code the
release version numbers. It might even be a good idea to include the
security suite information in distro-info itself and look it up there.
I filed this bug at severity minor since the script in question doesn't
appear to be used for any part of the Debian packages nor for building
the Debian packages, but only for some upstream packages.
mercurial-5.5.1 $ grep -rC4 '/updates '
contrib/automation/hgautomation/linux.py-if [ "$LSB_RELEASE" = "stretch" -o "$LSB_RELEASE" = "buster" ]; then
contrib/automation/hgautomation/linux.py-cat << EOF | sudo tee -a /etc/apt/sources.list
contrib/automation/hgautomation/linux.py-# Sources are useful if we want to compile things locally.
contrib/automation/hgautomation/linux.py-deb-src http://deb.debian.org/debian $LSB_RELEASE main
contrib/automation/hgautomation/linux.py:deb-src http://security.debian.org/debian-security $LSB_RELEASE/updates main
contrib/automation/hgautomation/linux.py-deb-src http://deb.debian.org/debian $LSB_RELEASE-updates main
contrib/automation/hgautomation/linux.py-deb-src http://deb.debian.org/debian $LSB_RELEASE-backports main
contrib/automation/hgautomation/linux.py-
contrib/automation/hgautomation/linux.py-deb [arch=amd64] https://download.docker.com/linux/debian $LSB_RELEASE stable
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/python-apps-team/attachments/20200911/619a6b0e/attachment.sig>
More information about the Python-apps-team
mailing list