• Re: salt removed from mirror

    From Jeremy Stanley@21:1/5 to Johannes Drexl on Fri Aug 9 16:20:01 2024
    On 2024-08-09 13:31:02 +0000 (+0000), Johannes Drexl wrote:
    > I tried to install a system with Debian 11 and a preseed file today
    > from our internal mirror and found out that the package salt-minion was
    > gone. After some research (our mirror snapshots every day) I found out
    > that between 2024-06-29 02:00 and 2024-06-30 02:00 the whole salt
    > directory was silently dropped from the upstream mirrors. Even
    > packages.debian.org no longer displays any information about it.
    >
    > I was under the impression that the software stack of a
    > stable/oldstable release does not change anymore (save for security
    > updates and suchlike), so I'm pretty flabbergasted by this. More so as
    > I cannot find a mention about this on debian-devel, where I would
    > assume such decisions would be discussed prior to the actual doing.
    >
    > Can somebody please shed some light on this?

    A quick bit of digging on https://tracker.debian.org/ indicates the
    salt-minion package was not part of Debian 11[*] since it retained
    at least one severe bug[**] which was never fixed. The change you
    observed seems to probably be related to cleanup of lingering
    debian-security content[***]. Hope that helps.

    [*] https://bugs.debian.org/1069654
    [**] https://bugs.debian.org/1009804
    [***] https://bugs.debian.org/1074468
    --
    Jeremy Stanley

    --- SoupGate-Win32
  • From Simon McVittie@21:1/5 to Johannes Drexl on Fri Aug 9 16:30:01 2024
    On Fri, 09 Aug 2024 at 13:31:02 +0000, Johannes Drexl wrote:
    > I was under the impression that the software stack of a
    > stable/oldstable release does not change anymore (save for security
    > updates and suchlike), so I'm pretty flabbergasted by this. More so as
    > I cannot find a mention about this on debian-devel, where I would
    > assume such decisions would be discussed prior to the actual doing.
    >
    > Can somebody please shed some light on this?

    debian-devel primarily deals with development of the next version
    of Debian, and the (old)stable releases are managed by the stable
    release team. Removals and other more major changes in (old)stable are intentionally rare, but can happen.

    In the case of salt, it was removed from Debian 11 in the 11.10 point
    release, as announced in <https://lists.debian.org/debian-stable-announce/2024/06/msg00000.html>.

    This was requested by a security team member in <https://bugs.debian.org/1070175>, prompted by its removal from unstable
    in <https://bugs.debian.org/1069654>, which appears to have been caused by
    not having any volunteers willing to take responsibility for maintaining
    this security-sensitive package.

    Older versions of the salt package continue to be available from <https://snapshot.debian.org/package/salt/> but will not receive any
    security or bug-fix updates. The upstream developers have their own
    newer Debian-compatible packages available, https://docs.saltproject.io/salt/install-guide/en/latest/topics/install-by-operating-system/debian.html
    (these are not supported by the Debian project).

    (Also note that Debian 11 comes to the end of its normal support lifetime
    in a few days' time, on 2024-08-14, although the Debian LTS subproject
    plans to provide limited security maintenance for an additional 2 years.)

    smcv

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Geert Stappers@21:1/5 to Johannes Drexl on Fri Aug 9 23:10:01 2024
    On Fri, Aug 09, 2024 at 03:52:01PM +0000, Johannes Drexl wrote:
    > On Friday, 09.08.2024 at 15:27 +0100, Simon McVittie wrote:
    > > On Fri, 09 Aug 2024 at 13:31:02 +0000, Johannes Drexl wrote:
    > > > I was under the impression that the software stack of a
    > > > stable/oldstable release does not change anymore (save for
    > > > security updates and suchlike), so I'm pretty flabbergasted by
    > > > this. More so as I cannot find a mention about this on
    > > > debian-devel, where I would assume such decisions would be
    > > > discussed prior to the actual doing.
    > > >
    > > > Can somebody please shed some light on this?
    > >
    > > debian-devel primarily deals with development of the next version
    > > of Debian, and the (old)stable releases are managed by the stable
    > > release team. Removals and other more major changes in (old)stable
    > > are intentionally rare, but can happen.
    > >
    > > In the case of salt, it was removed from Debian 11 in the 11.10
    > > point release, as announced in
    > > <https://lists.debian.org/debian-stable-announce/2024/06/msg00000.html>.
    > >
    > > This was requested by a security team member in
    > > <https://bugs.debian.org/1070175>, prompted by its removal from
    > > unstable in <https://bugs.debian.org/1069654>, which appears to
    > > have been caused by not having any volunteers willing to take
    > > responsibility for maintaining this security-sensitive package.
    >
    > While I get the idea behind this, having salt (as a machine management
    > package) removed from the official mirror in a stable release strikes
    > me as a bit odd - the already installed packages won't be removed, and as
    > it is a management package, one could expect this gets installed in
    > automated setups. This wouldn't be a problem as such, if the preseed
    > file would accept a multitude of mirrors, alas all tests I've done in
    > the past only allowed for a single source, and using late_command in
    > the preseed to first inject an additional mirror and then install the
    > package from there did not work as far as I remember.
    >
    > It seems I need to fall back to an old version of mirror & PXE package
    > for the installation.
    >
    > > Older versions of the salt package continue to be available from
    > > <https://snapshot.debian.org/package/salt/> but will not receive any
    > > security or bug-fix updates. The upstream developers have their own
    > > newer Debian-compatible packages available,
    > > https://docs.saltproject.io/salt/install-guide/en/latest/topics/install-by-operating-system/debian.html
    > > (these are not supported by the Debian project).
    > >
    > > (Also note that Debian 11 comes to the end of its normal support
    > > lifetime in a few days' time, on 2024-08-14, although the Debian
    > > LTS subproject plans to provide limited security maintenance for an
    > > additional 2 years.)
    > >
    > > smcv
    >
    > Thx, I'm aware I'm on oldstable here, but replacing old systems is
    > sometimes not as fast as I'd hope it'd be ;)


    Yes, there is (sadly) some consensus that somebody else should do it.

    Thing that makes me wonder is how to appreciate those that
    take care of salt-stack in Debian.


    Greetings
    Geert Stappers
    --
    Silence is hard to parse

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
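
Two points made in the thread, that archived salt packages receive no further security updates and that already installed packages are not removed when a package leaves the archive, suggest one check for a fleet: which installed packages are no longer offered by any configured repository? The following is an added example, not code from any participant in this thread; it parses `apt-cache policy` output, and the sample output, version numbers and mirror hostname are constructed.

```python
import re

# Constructed sample of `apt-cache policy <pkg>...` output (versions and host are made up).
SAMPLE_POLICY = """\
salt-minion:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 100
        100 /var/lib/dpkg/status
openssh-server:
  Installed: 2.0-1
  Candidate: 2.0-1
  Version table:
 *** 2.0-1 500
        500 http://mirror.example.internal/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status
curl:
  Installed: (none)
  Candidate: 3.0-1
  Version table:
     3.0-1 500
        500 http://mirror.example.internal/debian bullseye/main amd64 Packages
"""
DPKG_STATUS = "/var/lib/dpkg/status"  # origin that means "known only to the local dpkg database"

def parse_policy(text):
    """Return {package: {"installed": str or None, "sources": {version: [origin, ...]}}}."""
    pkgs, cur, ver = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"^(\S+):$", line):               # package header
            cur, ver = pkgs.setdefault(m.group(1), {"installed": None, "sources": {}}), None
        elif cur is None:
            continue
        elif m := re.match(r"^  Installed: (.+)$", line):
            cur["installed"] = None if m.group(1) == "(none)" else m.group(1)
        elif m := re.match(r"^ (?:\*\*\*|   ) (\S+) -?\d+$", line):  # version row
            ver = m.group(1)
            cur["sources"][ver] = []
        elif ver and (m := re.match(r"^ {6,}-?\d+ (.+)$", line)):    # origin row
            cur["sources"][ver].append(m.group(1))
    return pkgs

def unmaintained(pkgs):
    """Installed packages for which no configured repository offers any version.
    Locally built or manually installed .deb files are flagged too."""
    return [name for name, info in pkgs.items()
            if info["installed"] and all(
                o == DPKG_STATUS for srcs in info["sources"].values() for o in srcs)]

if __name__ == "__main__":
    print(unmaintained(parse_policy(SAMPLE_POLICY)))
```
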