[Bug 2027674] Re: apt dist-upgrade shows crap messages (really poor user experience)

Julian Andres Klode 2027674 at bugs.launchpad.net
Thu Jul 13 10:31:02 UTC 2023 

apt is not responsible for ubuntu pro messages. As advertised by the
introductory message you can turn off pro's news feature with sudo pro
config set apt_news=False

** Package changed: apt (Ubuntu) => ubuntu-advantage-tools (Ubuntu)

** Changed in: ubuntu-advantage-tools (Ubuntu)
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2027674

Title:
  apt dist-upgrade shows crap messages (really poor user experience)

Status in ubuntu-advantage-tools package in Ubuntu:
  Opinion

Bug description:
  I executed following in terminal

      $ sudo apt update && sudo apt dist-upgrade

  and received following mess:

  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Calculating upgrade... Done
  Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
    vlc-plugin-qt libvlc5 libimage-magick-perl vlc-data maven libvlccore9 vlc
    imagemagick vlc-bin libjs-jquery-ui vlc-l10n libmaven3-core-java
    libavdevice58 ffmpeg libopenexr25 libmagick++-6.q16-8 python3-scipy
    libpostproc55 libmagickcore-6.q16-6-extra vlc-plugin-samba libavcodec58
    libimage-magick-q16-perl libmagickwand-6.q16-6 vlc-plugin-notify libavutil56
    imagemagick-6.q16 libswscale5 libeditorconfig0 libmagickcore-6.q16-6
    vlc-plugin-access-extra vlc-plugin-skins2 vlc-plugin-video-splitter
    libswresample3 imagemagick-6-common vlc-plugin-video-output libavformat58
    libvlc-bin vlc-plugin-base vlc-plugin-visualization libavfilter7
  Learn more about Ubuntu Pro at https://ubuntu.com/pro
  #
  # An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
  # CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
  # Ensure you have updated the package to its latest version.
  #
  The following packages have been kept back:
    gjs libgjs0g libspeechd2 python3-speechd speech-dispatcher speech-dispatcher-audio-plugins speech-dispatcher-espeak-ng
  The following packages will be upgraded:
    alsa-ucm-conf debootstrap dkms ghostscript ghostscript-x gir1.2-adw-1 gir1.2-gnomedesktop-3.0 gir1.2-mutter-10 gnome-desktop3-data gnome-shell
    gnome-shell-common gnome-shell-extension-prefs initramfs-tools initramfs-tools-bin initramfs-tools-core iotop libadwaita-1-0 libgnome-bg-4-1
    libgnome-desktop-3-19 libgnome-desktop-4-1 libgs9 libgs9-common libllvm15 libllvm15:i386 libmutter-10-0 libruby3.0 libvirt-clients
    libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd
    libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 mutter mutter-common python3-ubuntutools ruby3.0 thunderbird
    thunderbird-gnome-support thunderbird-locale-fi ubuntu-advantage-tools ubuntu-dev-tools
  44 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
  11 standard LTS security updates
  Need to get 136 MB of archives.
  After this operation, 30,7 kB of additional disk space will be used.
  Do you want to continue? [Y/n]

  
  This has two big problems:

  (1) Ubuntu Pro ad cannot be disabled which causes lots of extra
  clutter on the output which will result in *training people to skip
  reading* the output of dist-upgdade. This is obviously a big problem
  and to "fix" that problem, new "important" message has been prefixed
  with "# " to make it more visible. If this trend continues, I'm sure
  next message will have "##### ***** NOTICE THIS IMPORTANT
  MESSAGE!!#"!"!!! *****" to make people notice the important part.
  Command line administrative tools should be about real stuff, not a
  shouting contest over ads. If you truly think ads should be enforced,
  keep it to the login message only.

  (2) The new message is unneeded crap about unspecified openssl package
  *that I already have installed*! I found this by googling the warning
  message and finding page https://ubuntu.com/security/CVE-2023-2650
  which clearly tells me that jammy has this bug fixed in package
  openssl version 3.0.2-0ubuntu1.10.

  
  If you think that the message about CVE-2023-2650 is important enough to be displayed even if the package has already been installed ("tell friends about this"), then very minimum should be explicitly saying the package name and minimum version with the fix. Only having text "the package" doesn't cut.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: apt 2.4.9
  ProcVersionSignature: Ubuntu 5.19.0-1027.28~22.04.1-lowlatency 5.19.17
  Uname: Linux 5.19.0-1027-lowlatency x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: MATE
  Date: Thu Jul 13 13:04:19 2023
  InstallationDate: Installed on 2022-03-25 (475 days ago)
  InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: apt
  UpgradeStatus: Upgraded to jammy on 2023-05-25 (48 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2027674/+subscriptions

More information about the foundations-bugs mailing list