[Bug 2027674] [NEW] apt dist-upgrade shows crap messages (really poor user experience)

Mikko Rantalainen 2027674 at bugs.launchpad.net
Thu Jul 13 10:12:47 UTC 2023 

Public bug reported:

I executed following in terminal

    $ sudo apt update && sudo apt dist-upgrade

and received following mess:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
  vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc
  imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java
  libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy
  libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58
  libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56
  imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6
  vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter
  libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58
  libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7
Learn more about Ubuntu Pro at https://ubuntu.com/pro
#
# An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
# CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
# Ensure you have updated the package to its latest version.
#
The following packages have been kept back:
  gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng
The following packages will be upgraded:
  alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell
  gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1
  libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients
  libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd
  libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird
  thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools
44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
11 standard LTS security updates
Need to get 136 MB of archives.
After this operation, 30,7 kB of additional disk space will be used.
Do you want to continue? [Y/n]


This has two big problems:

(1) Ubuntu Pro ad cannot be disabled which causes lots of extra clutter
on the output which will result in *training people to skip reading* the
output of dist-upgdade. This is obviously a big problem and to "fix"
that problem, new "important" message has been prefixed with "# " to
make it more visible. If this trend continues, I'm sure next message
will have "##### ***** NOTICE THIS IMPORTANT MESSAGE!!#"!"!!! *****" to
make people notice the important part. Command line administrative tools
should be about real stuff, not a shouting contest over ads. If you
truly think ads should be enforced, keep it to the login message only.

(2) The new message is unneeded crap about unspecified openssl package
*that I already have installed*! I found this by googling the warning
message and finding page https://ubuntu.com/security/CVE-2023-2650 which
clearly tells me that jammy has this bug fixed in package openssl
version 3.0.2-0ubuntu1.10.


If you think that the message about CVE-2023-2650 is important enough to be displayed even if the package has already been installed ("tell friends about this"), then very minimum should be explicitly saying the package name and minimum version with the fix. Only having text "the package" doesn't cut.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: apt 2.4.9
ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17
Uname: Linux 5.19.0-1027-lowlatency x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: MATE
Date: Thu Jul 13 13:04:19 2023
InstallationDate: Installed on 2022-03-25 (475 days ago)
InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: apt
UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago)

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2027674

Title:
  apt dist-upgrade shows crap messages (really poor user experience)

Status in apt package in Ubuntu:
  New

Bug description:
  I executed following in terminal

      $ sudo apt update && sudo apt dist-upgrade

  and received following mess:

  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Calculating upgrade... Done
  Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
    vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc
    imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java
    libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy
    libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58
    libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56
    imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6
    vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter
    libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58
    libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7
  Learn more about Ubuntu Pro at https://ubuntu.com/pro
  #
  # An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
  # CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
  # Ensure you have updated the package to its latest version.
  #
  The following packages have been kept back:
    gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng
  The following packages will be upgraded:
    alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell
    gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1
    libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients
    libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd
    libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird
    thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools
  44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
  11 standard LTS security updates
  Need to get 136 MB of archives.
  After this operation, 30,7 kB of additional disk space will be used.
  Do you want to continue? [Y/n]

  
  This has two big problems:

  (1) Ubuntu Pro ad cannot be disabled which causes lots of extra
  clutter on the output which will result in *training people to skip
  reading* the output of dist-upgdade. This is obviously a big problem
  and to "fix" that problem, new "important" message has been prefixed
  with "# " to make it more visible. If this trend continues, I'm sure
  next message will have "##### ***** NOTICE THIS IMPORTANT
  MESSAGE!!#"!"!!! *****" to make people notice the important part.
  Command line administrative tools should be about real stuff, not a
  shouting contest over ads. If you truly think ads should be enforced,
  keep it to the login message only.

  (2) The new message is unneeded crap about unspecified openssl package
  *that I already have installed*! I found this by googling the warning
  message and finding page https://ubuntu.com/security/CVE-2023-2650
  which clearly tells me that jammy has this bug fixed in package
  openssl version 3.0.2-0ubuntu1.10.

  
  If you think that the message about CVE-2023-2650 is important enough to be displayed even if the package has already been installed ("tell friends about this"), then very minimum should be explicitly saying the package name and minimum version with the fix. Only having text "the package" doesn't cut.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: apt 2.4.9
  ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17
  Uname: Linux 5.19.0-1027-lowlatency x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: MATE
  Date: Thu Jul 13 13:04:19 2023
  InstallationDate: Installed on 2022-03-25 (475 days ago)
  InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: apt
  UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2027674/+subscriptions

More information about the foundations-bugs mailing list