[Bug 901833] Re: do-release-upgrade decides openssh-blacklist is obsolete

Jamie Strandboge jamie at ubuntu.com
Thu Dec 15 21:34:34 UTC 2011 

Thank you for using Ubuntu and reporting a bug. I cannot reproduce the
behavior you are seeing. After performing a do-release-upgrade openssh-
blacklist is prompted for removal, because it was automatically
installed as a dependency in of openssh-server, but this dependency was
relaxed in Ubuntu 10.04 to only be a Suggests. Because of this, update-
manager correctly marks the package for removal. In my testing it is not
marked as obsolete and it is installable via apt-get. I noticed in your
report that you are using aptitude-- perhaps it is a combination of
aptitude and apt that is causing this problem.

I am going to mark this bug as Invalid for now, since this seems to be a
local configuration issue. If this is in error, please feel free to
reopen the bugs. Please feel free to report any other bugs you may find.
Thanks again!

** Changed in: update-manager (Ubuntu)
       Status: New => Invalid

** This bug is no longer flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/901833

Title:
  do-release-upgrade decides openssh-blacklist is obsolete

Status in “update-manager” package in Ubuntu:
  Invalid

Bug description:
  I've been doing upgrades from hardy to lucid on some servers and
  noticed that the end of do-release-upgrade is uninstalling openssh-
  blacklist during the check for obsolete packages at the end. openssh-
  blacklist was in the list of things upgraded during the earlier stages
  of do-release-upgrade, so there's no reason it should have been marked
  obsolete.

  Neither "aptitude safe-upgrade" or "aptitude full-upgrade" will put it
  back, but if I just start aptitude and hit "g" it's already in the
  list to be installed because openssh-client depends on it.

  I marked this a security vulnerability because not having this package
  installed for any length of time does make the system more vulnerable,
  and the potential for it to never get reinstalled automatically makes
  it much more dangerous.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/901833/+subscriptions

More information about the foundations-bugs mailing list