group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1926208] Re: standard security upgrade counts should not include ESM packages

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1926208@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Apr 2021 19:01:48 -0000
Reply-to: Bug 1926208 <1926208@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package update-notifier - 3.192.41

---------------
update-notifier (3.192.41) impish; urgency=medium

  [ Lucas Moura ]

  * data/apt_check.py:
    - Add support to handle packages from ESM Apps in addition to ESM Infra
      and only display alerts if the distro is ESM. (LP: #1924766)
    - Do not display a count of ESM packages if the system does not have ESM
      enabled. (LP: #1883315)
    - Make distinction between standard security updates and ESM updates
      when performing package counts. (LP: #1926208)
    - use 'applied' instead of 'installed', redact 0 of these updates are
      security updates, and correct singular messages
  * debian/control: Add a dependency on python3-distro-info.

 -- Chad Smith <chad.smith@xxxxxxxxxxxxx>  Thu, 22 Apr 2021 17:47:19
-0600

** Changed in: update-notifier (Ubuntu Impish)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1926208

Title:
  standard security upgrade counts should not include ESM packages

Status in update-notifier package in Ubuntu:
  Fix Released
Status in update-notifier source package in Xenial:
  Fix Committed
Status in update-notifier source package in Bionic:
  Fix Committed
Status in update-notifier source package in Focal:
  Fix Committed
Status in update-notifier source package in Groovy:
  New
Status in update-notifier source package in Hirsute:
  Fix Committed
Status in update-notifier source package in Impish:
  Fix Released

Bug description:
  [Impact]
  When users are looking at MOTD messages, they might find the text confusing, since we don't explicitly say that the security updates count are taking into consideration both standard security pockets and ESM pockets.

  [Test Case]
  1. Launch the a xenial container
  2. Add the ubuntu-advantage-tools ppa:
     https://code.launchpad.net/~ua-client/+archive/ubuntu/daily
  3. Install ubuntu-advantage-tools
  4. Attach to ua subscription
  5. Comment out all mentions of xenial-security/xenial-updates in /etc/apt/source.list
  6. Run apt update
  7. Install libkrad0:
     apt install libkrad0=1.13.2+dfsg-5
  8. Run /usr/lib/update-notifier/apt-check --human-readable
  9. See a message like this:

  UA Infra: Extended Security Maintenance (ESM) is not enabled. Install the latest version of uaclient from the stable ppa:
     https://launchpad.net/~ua-client/+archive/ubuntu/stable/d.

  UA Infra: Extended Security Maintenance (ESM) is enabled.

  3 packages can be updated.
  1 of these updates is fixed through UA Infra: ESM.
  1 of these updates is a security update.
  To see these additional updates run: apt list --upgradable

  To verify that the error is fixed:

  1.Perform all the stages above until step 7
  2. Bring back xenial-security on source.list (we need because of the python3-distro-info dependency of update-notifier-common)
  3 Install the new update-notifier from this ppa:
    https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa
  4. Remove xenial-security from source.list again
  5. Run /usr/lib/update-notifier/apt-check --human-readable and see a message like this:

  UA Infra: Extended Security Maintenance (ESM) is enabled.

  4 updates can be installed immediately.
  1 of these updates are UA Infra: ESM security updates.
  To see these additional updates run: apt list --upgradable

  That is now correct.

  [Where problems could occur]

  The changes in this package should only be seen when MOTD is getting a
  new message. If that script fails for some reason, it seems that MOTD
  will only not present the message, which is doesn't seem to be a
  system critical issue. Additionally, we would potentially have
  tracebacks in the update-notifier logs. Finally, if the logic is also
  incorrect, we would be displaying incorrect standard security messages
  to the user.

  [Discussion]
  Currently, we treat the upgrades coming from standard security pocket and ESM service with the same packaging count. This could be confusing, since we don't point that out in the current message that we have:

  5 updates can be installed immediately.
  5 of these updates are provide through UA Infrastructure ESM
  5 of these updates are security updates

  We believe this will be better if the message stated:
  5 updates can be installed immediately.
  5 of these updates are provide through UA Infrastructure ESM

  And if we had a situation like that:

  10 updates can be installed immediately.
  5 of these updates are provide through UA Infrastructure ESM
  8 of these updates are security updates

  We would change it to:

  10 updates can be installed immediately.
  5 of these updates are provide through UA Infrastructure ESM
  3 of these updates are standard security updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1926208/+subscriptions