| luis220413 | I have an open question in bug 1982670 regarding the security update for Jammy. | 08:04 |
|---|---|---|
| ubottu | Bug 1982670 in jupyter-notebook (Ubuntu) "Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic" [Undecided, In Progress] https://launchpad.net/bugs/1982670 | 08:04 |
| luis220413 | This is the question (in comment #4): "Is an upgrade to 6.4.12 acceptable for a security update for Jammy, given that the package has an extensive testsuite?" | 08:11 |
| luis220413 | Jammy has 6.4.8-1 and Kinetic has 6.4.8-2. I will file a Debian bug now for the unpatched vulnerabilities. | 08:12 |
| luis220413 | A Debian bug was filed by another person on July 21. | 08:26 |
| luis220413 | I will leave now but I will see your replies in the logs for this channel. | 08:48 |
| mdeslaur | I commented in the bug | 11:52 |
| codingkoopa | When a package update is pushed to <release>-security, is the same package uploaded to <release>-updates too, at the same time? Consulting `apt-cache policy`, this seems to be the case on my Ubuntu 18.04 machine (specifically with DigitalOcean mirrors) but not on Debian. | 16:46 |
| mdeslaur | codingkoopa: it gets copied to -updates about a half-hour later or so | 16:47 |
| codingkoopa | Perfect, thank you ^^ | 16:47 |
| mdeslaur | codingkoopa: that's so those packages end up being mirrored...security.ubuntu.com isn't mirrored | 16:47 |
| codingkoopa | ah, that makes sense | 16:48 |
| sdeziel | mdeslaur: why have the half-hour delay? Isn't it just hitting security.ubuntu.com harder than needed? | 17:20 |
| mdeslaur | sdeziel: it's copied over at the next publisher run I think | 17:20 |
| sdeziel | mdeslaur: ah, makes sense then :) | 17:20 |
| mdeslaur | sdeziel: not sure how often the publisher runs, but something around that | 17:21 |
| JanC | mdeslaur: -security is mirrored (although probably not from that domain)? | 17:38 |
| mdeslaur | JanC: it's mirrored, but I think we preconfigure with security.ubuntu.com so that slow mirrors don't impact security updates...I'd have to check a clean install | 18:18 |
| mdeslaur | ie: by default -security shouldn't be downloaded from mirrors | 18:19 |
| JanC | yeah, security.ubuntu.com is configured first in most installs, although some cloud & other internal images & such might not... | 20:01 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!