Access denied (403) when trying to fetch security updates for Dapper

Krzysztof Lichota krzysiek at lichota.net
Sat Nov 17 11:14:41 UTC 2007


Matt Zimmerman napisał(a):
> On Sat, Nov 17, 2007 at 08:21:54PM +1100, Serge de Souza wrote:
>> See https://bugs.launchpad.net/ubuntu/+source/samba/+bug/163042
>>
>> basically a bad push and permissions were changed on the debs to
>> prevent them from being downloaded.
>>
>> Wouldn't a new release without the broken packages fix the problem of
>> people trying to download something they can't?
> 
> As you can see from the discussion in the bug report, the circumstances are
> as follows:
> 
> - This regression only affects specific configurations (apparently those
>   using the deprecated smbfs module)
> 
> - There is a straightforward workaround (cifs works)
> 
> - The vulnerability is not believed to be serious (denial of service only)
> 
> Therefore, withdrawing the update in order to fix the problem was deemed an
> appropriate response, given the severity of the issue in affected
> configurations.
> 
> Preparing and testing a new update is something which takes time, and should
> not be rushed.  This temporary emergency measure (which is admittedly
> confusing for users) prevents further downloads while a proper response is
> prepared.

Could you in such cases send announcement that such measure was taken
and that update will fail (security announcement or at least a message
on ubuntu mailing lists). It would at least not leave users wondering
"why the heck is my automatic update not working".

Especially in case of Adept it is a surprise as it shows the same
message when it cannot download the file and when packages system is
broken - which happens often if dependencies are not fulfilled or
package is half-configured. So I have gone through usual "dpkg
--configure -a", "apt-get install -f", but it didn't work, as the
problem lies in completely different place.

	Krzysztof Lichota


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071117/3cd98990/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list