Postfix "Security" update in Dapper?
Scott Kitterman
ubuntu at kitterman.com
Fri Jun 9 11:54:16 UTC 2006
I was surprised to find apt-get bringing me a new Postfix version this
morning:
# apt-get update
...
# apt-get -s upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages will be upgraded:
postfix
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst postfix [2.2.10-1] (2.2.10-1ubuntu0.1 Ubuntu:6.06/dapper-security)
Conf postfix (2.2.10-1ubuntu0.1 Ubuntu:6.06/dapper-security)
I am subscribed to ubuntu-security-announce at lists.ubuntu.com and the only
potentially relevant message I see is:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2006-June/000332.html
The only problem is that I don't have the affected postfix-pgsql installed, so
I don't know why my Postfix would be "Upgraded". Additionally, the official
Postfix version listed at http://packages.ubuntu.com/dapper/mail/postfix
remains 2.2.10-1.
So, now some questions:
1. What, if anything, does this change on a system that does not have
postfix-pgsql installed (and how can I figure this out for myself next time)?
2. Is this a packaging/dependency bug or is this how it's supposed to work?
postfix-pgsql depends on postfix, not the other way around. It doesn't seem
logical to me that the version of postfix would have to increment because of
a change in postfix-pgsql.
3. If one questions the validity of an update, where is the best place to
look to verify the current version for the release? I would have thought
that http://packages.ubuntu.com/dapper/mail/postfix would have been the place
to check, but it still shows the old version.
I'm somewhat reluctant to apply an update that fixes a problem for a system I
don't have installed to a correctly functioning system, so I appreciate any
light that someone can shed on this.
Thanks,
Scott K
More information about the ubuntu-users
mailing list