Web lists-archives.com

Re: Usefulness of adding APT::Default-Release

On 2019-05-10 13:45 -0500, David Wright wrote:

> On Fri 10 May 2019 at 20:14:20 (+0200), Sven Joachim wrote:
>> On 2019-05-08 13:14 -0500, David Wright wrote:
>> > I'm trying to ascertain what APT::Default-Release can do for me,
>> > and what it constrains. In the output that follows, why does
>> > APT::Default-Release prevent firefox from being upgraded?
>> Because stretch-updates ≢ stretch, see bug #173215[1] (with
>> -proposed-updates rather than -updates).
> Thanks for the reply. (I had just pointed out elsewhere that no answer
> had been forthcoming, so you've made a liar of me!)
> Perhaps a note to that effect might have been added to man apt.conf
> which was written (or revised) 14 years after the bug surfaced.
> Does this mean APT::Default-Release is a security risk,

Not really, but if you don't have entries for newer releases in your
sources.list, then APT::Default-Release is unnecessary.  Personally I
find it clearer to use explicit pinning in apt-preferences.

> or is
> the behaviour of stretch/updates different from that of
> stretch-updates because of the slash? (I don't find the deb lines
> in sources.list easy to parse as a human.)

It's because the Codename (and Release) fields are different:
stable/updates on the security mirror uses "Codename: stretch" while
stable-updates uses "Codename: stretch-updates".  Yes, this is