I am running a server with a basic install running stable.

Could someone please explain to me why the update that is made available on security.debian.org is apparently not available to me?

An example:

Today I received a security update regarding gallery, that included the following line:

So, I run apt-get clean. (just to be sure that the cache is clean)
then apt-get update,
then do apt-cache show gallery.

This is part of what I find in the output:

Why is it not the version mentioned in the update message? (1.2.5-8woody3)

Here is my sources list:

Thank you for any assistance
Steve

Here is what I have found out further:

If I remove all the sources except:

I end up with the right version on doing: apt-cache show gallery.

My understanding is that apt automagically finds the latest version of any software from the list of sources given, so what gives?

Steve

MEPIS is not pure Debian eventhough it's based on it.

That is very strange. You are correct: including all the sources should give you the highest version by default. I am not sure what is causing your problem but here is a guess: If somehow you put a package on "hold" then it will not be updated even if there is a newer version. Usually you have to make a conscious decision to do this, however.

If you try adding your other sources again does the problem go away? Or does the package revert to the older version?

Ummm, not sure what that has to do with anything, vlrn.

As I said I am running Debian stable on a server. Netinstall with only the basics, LAMP, ssh etc.

Steve

I haven't pinned anything. This is a stock install .

Hmmm. I did that, and the package reverts to the older version.

What does that mean??

Thanks for the thoughts!

Steve

Perhaps my profile threw you off - see the updated version

Steve

What does

apt-cache showpkg gallery

show you? It should show that both versions are available.

Also try

dpkg -l gallery

to see the package states (just to make sure).

You don't necessarily need to mess around with config files to
put packages on hold. I don't think it is equivalent to pinning
a package.

I don't know whether posting these two pieces of output will help,
but it will at least establish the problem.

Yes it does! I did not see that there were TWO entries, one of which referred to the newer version. Thanks for pointing that out.

I hadn't installed the prg yet, so that would not help here. If I had installed, it would have installed the newer version, I'm sure.

Phew, that feels better!

Thanks
Steve

Yeah, 'hold' applies to a package, and is a dpkg command, while 'pinning' refers to setting priorities to the apt-get utility in apt_preferences. I think you can use pinning to hold a package as well though, if I read the man correctly.

From here

....
The format is simple:

Package: <package>
Pin: <pin definition>
Pin-Priority: <pin's priority>

For example, to keep package sylpheed that I have modified to use "reply-to-list" at version 0.4.99, I add:

Package: sylpheed
Pin: version 0.4.99*

Note that I used an * (asterisk). This is a "wildcard"; it say that I want that this "pin" to be valid for all versions beginning with 0.4.99. This is because Debian versions its packages with a "Debian revision" and I don't want to avoid the installation of these revisions. So, for instance, versions 0.4.99-1 and 0.4.99-10 will be installed as soon as they are made available. Note that if you modified the package you won't want to do things this way.

The pin priority helps determine whether a package matching the "Packages:" and "Pin:" lines will be installed, with higher priorities making it more likely that a matching package will be installed. You can read apt_preferences(7) for a thorough discussion of priorities, but a few examples should give the basic idea. The following describes the effect of setting the priority field to different values in the sylpheed example above.

1001
Sylpheed version 0.4.99 will never be replaced by apt. If available, apt will install version 0.4.99 even if it would replace an installed package with a higher version. Only packages of priority greater than 1000 will ever downgrade an existing package.

1000
The effect is the same as priority 1001, except that apt will refuse to downgrade an installed version to 0.4.99
.....

Ah, the wonders of Debian


Steve