[Bug 1370416] Re: Security updates are not marked as security

V字龍(Vdragon) Vdragon.Taiwan at gmail.com
Sun Oct 5 18:39:59 UTC 2014


@xor
Hi, my theory is "it's probably not possible for apt and its front-ends to determine which update was a security update after the update has been moved to the -updates channel (until the developers decide to change the 'move-to-updates' policy)". I suggest you upgrade all packages, no matter whether they are from the -updates channel or the -security channel, to keep your system safe. On my system I have set up automatic background upgrades of all packages from all channels (except -proposed) using the unattended-upgrade mechanism, and currently I haven't encountered any problems.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/1370416

Title:
  Security updates are not marked as security

Status in “aptitude” package in Ubuntu:
  Confirmed
Status in “muon” package in Ubuntu:
  Confirmed

Bug description:
  I have two machines, both on Kubuntu 14.04 amd64, one on the German package server, one on the central one.
  /etc/apt/sources.list for German server attached, for English server will follow in a comment because I can only attach one to the initial report
  /etc/apt/sources.list.d is empty

  Both have the same version of openjdk-7-jre installed according to aptitude (7u65-2.5.1-4ubuntu1~0.14.04.2).
  Both show an update to 7u65-2.5.2-3~14.04 in aptitude.
  However, the one with the German server shows it as security update according to aptitude, while the central server shows it as regular update. The package list was updated on both in the same interval of a few seconds.
  Why?
  [Notice that this might affect other packages, I am seeing more differing updates, only bothering to check the versions for this one.]

  Notice that this was preceded by weeks of aptitude telling me about
  bad signature / bad checksum when updating the package list (which
  made me switch the server to central server on one machine), and your
  recent update of apt which seemed to fix security issues in apt
  according to the changelog. This is very suspicious to me. Are you
  hacked? Am I being hacked? I work on a high value target software
  (Internet anonymization), so this scares me.

  Please reply soon if you need further information about the state of
  my apt, I can only postpone the security updates for a short time, and
  afterwards the state of apt might have changed in a way which makes it
  impossible to debug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/1370416/+subscriptions
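
An added illustration of the theory in the comment above (not code from the bug report, aptitude or muon): the sketch parses `apt-cache policy` output and labels the candidate version as a security update only when a `-security` suite offers it, which is an assumed classification rule. The two policy listings and the `mirror.example` URLs are constructed; only the package name and versions come from the bug description.

```python
import re

# Constructed `apt-cache policy` output. Versions are the ones quoted in the
# bug description; the mirror URL and suite lines are made up for illustration.
POLICY_UPDATES_ONLY = """\
openjdk-7-jre:
  Installed: 7u65-2.5.1-4ubuntu1~0.14.04.2
  Candidate: 7u65-2.5.2-3~14.04
  Version table:
     7u65-2.5.2-3~14.04 0
        500 http://mirror.example/ubuntu/ trusty-updates/main amd64 Packages
 *** 7u65-2.5.1-4ubuntu1~0.14.04.2 0
        100 /var/lib/dpkg/status
"""
# Same package state, but this machine also sees the version in -security.
SEC = "        500 http://mirror.example/ubuntu/ trusty-security/main amd64 Packages\n"
POLICY_BOTH = POLICY_UPDATES_ONLY.replace(" ***", SEC + " ***")

# "     <version> <prio>" or " *** <version> <prio>" (the installed one).
VERSION = re.compile(r"^\s(?:\*\*\*|\s{3})\s(\S+)\s+-?\d+$")
# "        <prio> <url> <suite>/<component> <arch> Packages"
SOURCE = re.compile(r"^\s+-?\d+\s+\S+\s+(\S+)/\S+\s+\S+\s+Packages$")


def candidate_pockets(policy_text):
    """Return (candidate_version, set of suites that offer that version)."""
    candidate, current, pockets = None, None, set()
    for line in policy_text.splitlines():
        if line.strip().startswith("Candidate:"):
            candidate = line.split(":", 1)[1].strip()
        elif (m := VERSION.match(line)):
            current = m.group(1)          # entering a new version stanza
        elif (m := SOURCE.match(line)) and current == candidate:
            pockets.add(m.group(1))       # suite listing the candidate
    return candidate, pockets


def classify(policy_text):
    """Assumed rule: 'security' only if a -security suite offers the candidate."""
    _, pockets = candidate_pockets(policy_text)
    return "security" if any(p.endswith("-security") for p in pockets) else "regular"


if __name__ == "__main__":
    for name, text in (("both", POLICY_BOTH), ("updates-only", POLICY_UPDATES_ONLY)):
        print(name, candidate_pockets(text), classify(text))
```

Under this rule the same candidate version is labelled differently depending only on which suites' package lists the machine has, so an upgrade policy keyed on the label can skip a fix that is visible only through -updates.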


