From: Kolbjørn Barmen <kolbjorn.barmen@uninett.no>
Date: Fri, 3 Nov 2017 10:14:35 +0000 (+0100)
Subject: debian-updates is not security updates
X-Git-Tag: 4.4.1~9^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=5c6dc12774d2a3a5873d6fadecf8b1d552511931;hp=e9b2b123c7e06ec753f1bd49b91ca983957b66b9;p=puppet-modules%2Fpuppetlabs-apt.git

debian-updates is not security updates

Debian-updates are pending packages between dot-releases,
they are not security updates. When Debian has a dot-release,
for example 8.7, debian-updates is empty. Between 8.7 and 8.8,
updates packages go to debian-updates, and on 8.8, all packages
in debian-updates are moved (or replaced) by packages in the main
repo, leaving debian-updates empty again. Security updates are
managed outside of this.
---

diff --git a/lib/facter/apt_updates.rb b/lib/facter/apt_updates.rb
index f0fa302..89bc37e 100644
--- a/lib/facter/apt_updates.rb
+++ b/lib/facter/apt_updates.rb
@@ -10,7 +10,6 @@ Facter.add('apt_has_updates') do
         package = line.gsub(%r{^Inst\s([^\s]+)\s.*}, '\1').strip
         apt_package_updates[0].push(package)
         security_matches = [
-          %r{ Debian[^\s]+-updates[, ]},
           %r{ Debian-Security:},
           %r{ Ubuntu[^\s]+-security[, ]},
           %r{ gNewSense[^\s]+-security[, ]},