Tuna 的 Debian 镜像比官网版本落后一些

[LittleNewton]

先决条件 (Prerequisites)

• [X] 我已确认这个问题没有在其他 issues中提出过。 I am sure that this problem has NEVER been discussed in other issues.

发生了什么（What happened）

本人使用的清华 tuna 源：

# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware

# deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware

deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

本人的 package 列表:

# 1. 更新 apt
sudo apt update

# 2. 删除 libreoffice 这个从来都不用的软件，然后 autoremove 一些绝对不用的软件
sudo apt remove --purge "libreoffice*" ; sudo apt autoremove

# 3. 升级现有软件 (应该不多，否则就是你没选择合适的 DVD 镜像)
sudo apt update && sudo sudo apt upgrade && sudo apt dist-upgrade

# 4. 安装常用软件
sudo apt install cockpit cockpit-pcp
sudo apt install bat curl pandoc ripgrep rsync tmux tree wget
sudo apt install bridge-utils net-tools systemd-resolved systemd-timesyncd
sudo apt install btop duf htop neofetch open-vm-tools s-tui sysstat
sudo apt install cifs-utils fio nfs-common open-iscsi
sudo apt install bison clang flex g++ gcc gdb git golang luarocks openjdk-17-jdk repo ruby rust-all vim
sudo apt install libssl-dev

# 5. 后面会单独配置 docker-ce，因此不要安装 docker.io

本人出国后不再需要使用镜像代理，使用了官方的源：

deb https://ftp.debian.org/debian/ bookworm contrib main non-free non-free-firmware
# deb-src https://ftp.debian.org/debian/ bookworm contrib main non-free non-free-firmware

deb https://ftp.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware
# deb-src https://ftp.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware

deb https://ftp.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware
# deb-src https://ftp.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware

deb https://ftp.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware
# deb-src https://ftp.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware

deb https://security.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware
# deb-src https://security.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware

随后发现

• 通过查看批量更新服务器 package 脚本的 log，我发现某几次国外这台服务器会有更新，但是国内的五六台机器都没更新；
• 今天我查看了 tuna 的同步时间，尽管 tuna 声称已于 6.17 进行了更新，但是我在换了官方源之后，又有如下更新：

bash/proposed-updates 5.2.15-2+b7 amd64 [upgradable from: 5.2.15-2+b2]
curl/proposed-updates 7.88.1-10+deb12u6 amd64 [upgradable from: 7.88.1-10+deb12u5]
distro-info-data/proposed-updates 0.58+deb12u2 all [upgradable from: 0.58+deb12u1]
dns-root-data/proposed-updates 2024041801~deb12u1 all [upgradable from: 2023010101]
gnutls-bin/proposed-updates 3.7.9-2+deb12u3 amd64 [upgradable from: 3.7.9-2+deb12u2]
intel-microcode/proposed-updates 3.20240514.1~deb12u1 amd64 [upgradable from: 3.20231114.1~deb12u1]
libcurl3-gnutls/proposed-updates 7.88.1-10+deb12u6 amd64 [upgradable from: 7.88.1-10+deb12u5]
libcurl3-nss/proposed-updates 7.88.1-10+deb12u6 amd64 [upgradable from: 7.88.1-10+deb12u5]
libcurl4/proposed-updates 7.88.1-10+deb12u6 amd64 [upgradable from: 7.88.1-10+deb12u5]
libfreetype6/proposed-updates 2.12.1+dfsg-5+deb12u3 amd64 [upgradable from: 2.12.1+dfsg-5]
libglib2.0-0/proposed-updates 2.74.6-2+deb12u3 amd64 [upgradable from: 2.74.6-2+deb12u2]
libglib2.0-bin/proposed-updates 2.74.6-2+deb12u3 amd64 [upgradable from: 2.74.6-2+deb12u2]
libglib2.0-data/proposed-updates 2.74.6-2+deb12u3 all [upgradable from: 2.74.6-2+deb12u2]
libgnutls-dane0/proposed-updates 3.7.9-2+deb12u3 amd64 [upgradable from: 3.7.9-2+deb12u2]
libgnutls30/proposed-updates 3.7.9-2+deb12u3 amd64 [upgradable from: 3.7.9-2+deb12u2]
libkf5kmanagesieve5/proposed-updates 4:22.12.3-1+deb12u1 amd64 [upgradable from: 4:22.12.3-1]
libkf5ksieve-data/proposed-updates 4:22.12.3-1+deb12u1 all [upgradable from: 4:22.12.3-1]
libkf5ksieve5/proposed-updates 4:22.12.3-1+deb12u1 amd64 [upgradable from: 4:22.12.3-1]
libkf5ksieveui5/proposed-updates 4:22.12.3-1+deb12u1 amd64 [upgradable from: 4:22.12.3-1]
libltdl7/proposed-updates 2.4.7-7~deb12u1 amd64 [upgradable from: 2.4.7-5]
libnss-myhostname/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libnss-mymachines/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libnss-resolve/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libpam-systemd/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libpq5/proposed-updates 15.7-0+deb12u1 amd64 [upgradable from: 15.6-0+deb12u1]
libpython3.11-dev/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
libpython3.11-minimal/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
libpython3.11-stdlib/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
libpython3.11/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
libqt5concurrent5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5core5a/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5dbus5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5gui5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5network5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5printsupport5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5sql5-mysql/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5sql5-sqlite/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5sql5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5test5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5widgets5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libqt5xml5/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
libseccomp2/proposed-updates 2.5.4-1+deb12u1 amd64 [upgradable from: 2.5.4-1+b3]
libssl-dev/proposed-updates 3.0.13-1~deb12u1 amd64 [upgradable from: 3.0.11-1~deb12u2]
libssl3/proposed-updates 3.0.13-1~deb12u1 amd64 [upgradable from: 3.0.11-1~deb12u2]
libsystemd-shared/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libsystemd0/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
libtommath1/proposed-updates 1.2.0-6+deb12u1 amd64 [upgradable from: 1.2.0-6]
libudev1/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
nano/proposed-updates 7.2-1+deb12u1 amd64 [upgradable from: 7.2-1]
openssl/proposed-updates 3.0.13-1~deb12u1 amd64 [upgradable from: 3.0.11-1~deb12u2]
prometheus-node-exporter-collectors/proposed-updates 0.0~git20230203.6f710f8-1+deb12u1 all [upgradable from: 0.0~git20230203.6f710f8-1]
python3-idna/proposed-updates 3.3-1+deb12u1 all [upgradable from: 3.3-1]
python3-software-properties/proposed-updates 0.99.30-4.1~deb12u1 all [upgradable from: 0.99.30-4]
python3.11-dev/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
python3.11-minimal/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
python3.11/proposed-updates 3.11.2-6+deb12u2 amd64 [upgradable from: 3.11.2-6]
qemu-block-extra/proposed-updates 1:7.2+dfsg-7+deb12u6 amd64 [upgradable from: 1:7.2+dfsg-7+deb12u5]
qemu-system-common/proposed-updates 1:7.2+dfsg-7+deb12u6 amd64 [upgradable from: 1:7.2+dfsg-7+deb12u5]
qemu-system-data/proposed-updates 1:7.2+dfsg-7+deb12u6 all [upgradable from: 1:7.2+dfsg-7+deb12u5]
qemu-system-gui/proposed-updates 1:7.2+dfsg-7+deb12u6 amd64 [upgradable from: 1:7.2+dfsg-7+deb12u5]
qemu-system-x86/proposed-updates 1:7.2+dfsg-7+deb12u6 amd64 [upgradable from: 1:7.2+dfsg-7+deb12u5]
qemu-utils/proposed-updates 1:7.2+dfsg-7+deb12u6 amd64 [upgradable from: 1:7.2+dfsg-7+deb12u5]
qt5-gtk-platformtheme/proposed-updates 5.15.8+dfsg-11+deb12u1 amd64 [upgradable from: 5.15.8+dfsg-11]
shim-helpers-amd64-signed/proposed-updates 1+15.8+1~deb12u1 amd64 [upgradable from: 1+15.7+1]
shim-unsigned/proposed-updates 15.8-1~deb12u1 amd64 [upgradable from: 15.7-1]
software-properties-common/proposed-updates 0.99.30-4.1~deb12u1 all [upgradable from: 0.99.30-4]
software-properties-qt/proposed-updates 0.99.30-4.1~deb12u1 all [upgradable from: 0.99.30-4]
systemd-container/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
systemd-coredump/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
systemd-resolved/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
systemd-sysv/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
systemd-timesyncd/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
systemd/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
udev/proposed-updates 252.26-1~deb12u2 amd64 [upgradable from: 252.22-1~deb12u1]
zsh/proposed-updates 5.9-4+b5 amd64 [upgradable from: 5.9-4+b2]

很难认为是官网在半天之内进行了如此多关键组件的更新。鉴于本人不熟悉debian社区的更新机制和日志规则，仅提供此现象的简单表述，以供debug.

期望的现象（What you expected to happen）

可以和官方源的行为保持近似一致。

如何重现此问题（How to reproduce it）

使用 tuna 源进行更新并 upgrade 到 latest，随后切换到 debian 官方源进行更新，对比差异。

操作系统（OS Version）

Debian 12 bookworm

浏览器（如果适用）（Browser version, if applicable）

Chrome

其他环境（Other environments）

No response

其他需要说明的事项（Anything else we need to know）

GPT 对此评价

bash - 从版本 5.2.15-2+b2 更新到 5.2.15-2+b7
curl - 包括 curl 本身和与之相关的库如 libcurl3-gnutls, libcurl3-nss, 和 libcurl4，都从 7.88.1-10+deb12u5 更新到 7.88.1-10+deb12u6
libglib2.0 - 系列，包括库和二进制文件，从 2.74.6-2+deb12u2 更新到 2.74.6-2+deb12u3
systemd - 系列，涵盖 libsystemd0, systemd, udev 等，从 252.22-1~deb12u1 更新到 252.26-1~deb12u2
libqt5 - 系列，覆盖多个Qt5库，如 libqt5core5a, libqt5gui5 等，从 5.15.8+dfsg-11 更新到 5.15.8+dfsg-11+deb12u1
gnutls - 包括 gnutls-bin, libgnutls-dane0, 和 libgnutls30，从 3.7.9-2+deb12u2 更新到 3.7.9-2+deb12u3
python3.11 - 包括开发包和标准库等，从 3.11.2-6 更新到 3.11.2-6+deb12u2
安全和修正更新
intel-microcode - 从 3.20231114.1~deb12u1 更新到 3.20240514.1~deb12u1，可能涉及安全漏洞修复或功能改进。
openssl 和 libssl - 从 3.0.11-1~deb12u2 更新到 3.0.13-1~deb12u1，这通常关联安全修复。
特别注意
软件包如 bash, systemd, curl, qt5 系列及其依赖的库经常是系统安全和稳定运行的关键，因此需要特别关注其更新。
更新列表中包括多个 all 架构的软件包，这表示它们是独立于平台的，通常包含脚本或配置文件。
这份列表是系统维护者关注的重点，涵盖了从基本的系统工具到应用级库的广泛更新，确保系统的安全性、稳定性和最新性。对于系统管理员来说，理解这些更新的内容和重要性对于保持系统环境的健康至关重要。

[taoky]

请阅读 https://wiki.debian.org/StableProposedUpdates，了解你是否真的对 proposed-updates 有需求。

[taoky]

以及就算真的要使用 proposed-updates，你的镜像配置也完全没有写这个 dist，因此这是你的配置问题。

[Harry-Chen]

TUNA 和上游原样同步，也有你使用的 stable-proposed-updates 组件。正如 @taoky 所说，慎重考虑使用此组件。

[LittleNewton]

@taoky 感谢提醒，因为我对linux不是很熟悉，所以提了这个很简单的问题。非常感谢。

[LittleNewton]

TUNA 和上游原样同步，也有你使用的 stable-proposed-updates 组件。正如 @taoky 所说，慎重考虑使用此组件。

根据您的经验，请问 stable-proposed-updates 组件会带来生产稳定性的问题吗？我准备关闭这个 dist，毕竟官网描述不建议在生产环境 enable 它。