Ubuntu
kpackagekit package

kpackagekit shows incorrect security classification

Bug #649284 reported by Uwe Geuder
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kpackagekit (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: kpackagekit

In Lucid kpackagekit shows a fix in the wrong group from time to time. This is difficult to reproduce, because it depends on the package versions installed and on the package versions available from the repos. So in normal usage (i.e. if you don't downgrade packages) the same problem will never appear twice.

Today I happen to have the issue for linux-generic:

$ apt-cache policy linux-generic
linux-generic:
  Installed: 2.6.32.24.25
  Candidate: 2.6.32.25.27
  Version table:
     2.6.32.25.27 0
        500 http://fi.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
 *** 2.6.32.24.25 0
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
        100 /var/lib/dpkg/status
     2.6.32.21.22 0
        500 http://fi.archive.ubuntu.com/ubuntu/ lucid/main Packages
$

The candidate version comes from lucid-updates, not from lucid security. Still kpackagekit shows it as a security fix. See attached screen shot. Note that the version numbers in kpackagekit are equal to those shown by apt-cache.

I will apport-collect this report ASAP in order to provide necessary version info.
---
Architecture: i386
DistroRelease: Ubuntu 10.04
InstallationMedia: Kubuntu 10.04 "Lucid Lynx" - Beta i386 (20100406.1)
Package: kpackagekit 0.5.4-0ubuntu4.3
PackageArchitecture: i386
ProcEnviron:
 LANGUAGE=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Tags: lucid
Uname: Linux 2.6.32-24-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

See original description
Revision history for this message
Uwe Geuder (ubuntulp-ugeuder) wrote :
tags: added: apport-collected
description: updated
Revision history for this message
Uwe Geuder (ubuntulp-ugeuder) wrote : Dependencies.txt

apport information

summary: - kpackagekit shows incorrect security classifiaction
+ kpackagekit shows incorrect security classification
Revision history for this message
Uwe Geuder (ubuntulp-ugeuder) wrote :

Because the linux-generic fix in question was an ABI change, a new package not previously installed was pulled. However, it was not from security either:

$ apt-cache policy linux-image-generic
linux-image-generic:
  Installed: 2.6.32.25.27
  Candidate: 2.6.32.25.27
  Version table:
 *** 2.6.32.25.27 0
        500 http://fi.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     2.6.32.24.25 0
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
     2.6.32.21.22 0
        500 http://fi.archive.ubuntu.com/ubuntu/ lucid/main Packages
$ apt-cache policy linux-image-2.6.32-25-generic
linux-image-2.6.32-25-generic:
  Installed: 2.6.32-25.44
  Candidate: 2.6.32-25.44
  Version table:
 *** 2.6.32-25.44 0
        500 http://fi.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
$

(These commands executed after applying the update. Nothing vsible in kpackagekit at this point of time anymore of course)

Revision history for this message
Daniel Nicoletti (dantti) wrote :

Do you experience this kind of problem in 10.10 (if you are using it).
As in 10.10 the default backend is aptcc and the code is a bit smarter on detecting
the update kind I'd like to know if you have ever seem this.

Revision history for this message
Uwe Geuder (ubuntulp-ugeuder) wrote :

Short answer: no experience with Maverick 10.10

(long explanation: I stick to LTS for most work. I do have a 1 Kubuntu 10.10 installation but it is very instable (probably because of some nouveau display driver issue) so I have not used it very much and not paid attention to kpackagekit's operation)

On Lucid 10.04 LTS I have seen the problem again this week. (Don't remember with which package), But if you say that the implementation has changed significantly, it's probably the best close this report as "won't fix" or something like that (don't remember Launchpad states now). This is not a problem that would justify a SRU. And should the new implementation still suffer from the same problem, we can always report a new bug.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.