[Bug 1370416] Re: Central and German package servers ship different state of the same package marked as the same version

xor 1370416 at bugs.launchpad.net
Sat Sep 20 18:17:43 UTC 2014 

Thanks.
Muon is the default package manager and "there's an update" tray icon alert thing in Kubuntu, so you might want to judge the priority which is not set yet upon that.

FYI the issue still applies, today is day 3, so I would assume it really
is not a package server synchronization issue.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/1370416

Title:
  Central and German package servers ship different state of the same
  package marked as the same version

Status in “aptitude” package in Ubuntu:
  Confirmed
Status in “muon” package in Ubuntu:
  Confirmed

Bug description:
  I have two machines, both on Kubuntu 14.04 amd64, one on the German package server, one on the central one.
  /etc/apt/sources.list for German server attached, for English server will follow in a comment because I can only attach one to the initial report
  /etc/apt/sources.list.d is empty

  Both have the same version of openjdk-7-jre installed according to aptitude (7u65-2.5.1-4ubuntu1~0.14.04.2).
  Both show an update to 7u65-2.5.2-3~14.04 in aptitude.
  However, the one with the German server shows it as security update according to aptitude, while the central server shows it as regular update. The package list was updated on both in the same interval of a few seconds.
  Why?
  [Notice that this might affect other packages, I am seeing more differing updates, only bothering to check the versions for this one.]

  Notice that this was preceded by weeks of aptitude telling me about
  bad signature / bad checksum when updating the package list (which
  made me switch the server to central server on one machine), and your
  recent update of apt which seemed to fix security issues in apt
  according to the changelog. This is very suspicious to me. Are you
  hacked? Am I being hacked? I work on a high value target software
  (Internet anonymization), so this scares me.

  Please reply soon if you need further information about the state of
  my apt, I can only postpone the security updates for a short time, and
  afterwards the state of apt might have changed in a way which makes it
  impossible to debug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/1370416/+subscriptions

More information about the foundations-bugs mailing list