On May 13, Holger Levsen <holger@layer-acht.org> wrote: > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. I strongly object to adding this package, and its dependency gettext-base, to the transitive essential set. There are many situations where this package is not needed (e.g. containers, where Debian is already quite suboptimal) and it is wrong to force it on every system because it wastes disk space and may cause future troubles (and it already doing this now). This is not acceptable for a package with such a low popcon ranking. I tried installing it (I had never heard of it before) and I see that it immediately complains about the version of binutils currently in unstable, so I also have serious doubts about the usefulness of a security tool which will always report an alarm. -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature