Firefox security fixes not installed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-manager (Ubuntu) |
Fix Released
|
High
|
Michael Vogt |
Bug Description
Update notifier put the new Firefox security updates in the 'unchanged' section
rather than deciding to apply the fix. There was no feedback on how to apply
these changes. I know that I can force the updates to proceed by doing the
update manually using Synaptic, but demonstrates a failure of the
update-notifier to do its job as ensuring a system remains secure is the primary
use case for it.
In this case, it looks like update-notifier did not want to apply the updates
because upgrading mozilla-
mozilla-
removal of a number of things including mozilla and mozilla-calendar.
I think update-notifier needs to cope with this, most likely by asking the user
what do do about difficult upgrades after explaining the side effects -- 'There
is an update for mozilla-firefox, but it would cause removal of blah, blah and
blah. Proceed (Yes/No/Later)?'
The alternative is of course to simply guide the user to, or launch directly,
Synaptic (but this might be deemed to complex for a click'n'drool update procedure).
Thanks for your bugreport.
This is indeed a big problem. update-manager was designed under the assumption
that a security update will never touch the status of other packages (remove
installed, install new). This used to be the case for debian. I'll fix
update-manager to cope with the changed circumanstances.
I just tried to reproduce the problem and it looks like the packages are now
updated in universe too, so the fixes should now be installable without this
message?
Thanks,
Michael