:: Re: [DNG] [corsac@debian.org: [SECU…
Top Page
Delete this message
Reply to this message
Author: KatolaZ
Date:  
To: DNG
Subject: Re: [DNG] [corsac@debian.org: [SECURITY] [DSA 4371-1] apt security update]
On Wed, Jan 23, 2019 at 11:42:15PM +0100, Florian Zieboll wrote:
> Am 22. Januar 2019 16:24:40 MEZ schrieb KatolaZ <katolaz@???>:
>
> > use pkgmaster.devuan.org in your sources.list to do
> > the upgrade
>
>
> If I understand the bug report correctly, it is not sufficient to change the repository to a not redirecting one, but it is also necessary to add the "Acquire::http::AllowRedirect=false" option to the update AND upgrade command. The latter failed for me (at my workplace as well as at home) with 302 "Moved Temporarily" errors for pkgmaster.devuan.org/merged/, so the debs had to be downloaded manually.
>


No Florian, there is no "not-redirecting" repository in Devuan. Any
Devuan repo will redirect to the corresponding Debian repo for all the
packages that have not been forked by Debian, so you can't set
AllowRedirect to false.

The safest way is to manually download apt from the Debian pool, as
explained in the email I forwarded. Or, if you trust Devuan, to use
pkgmaster.devuan.org in your sources.list (that one is the master
Devuan repo, and is on a machine to which only a reduced number of
core developers have access), do the update, and then put back
deb.devuan.org.

HTH

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]