releases-page and apt-repository out of sync!
I'm running gitlab-ce omnibus, usually the latest and greatest, on a "manually-maintained" infrastructure (as opposed to e.g. a kubernetes cluster).
Up until this morning I have been running 13.8.0. I had not upgraded to 13.8.1 yet as I did not see any immediate benefit and it was not security critical. Since we are running a single-instance installation, I tend to put minor updates into less busy hours.
Today I did a routine upgrade of my system, and discovered that there is a new Gitlab-CE package with version 13.8.2 available.
Great!
Heading over to my GitLab instance's /admin panel, I see a red badge telling me to upgrade ASAP.
Now in all honesty, I do trust the official Debian repositories a lot more than those of any 3rd party, like e.g. Docker or GitLab. And while I don't check all manual updates of smaller packages from the official Debian repositories, I often do check the changelog of bigger ones (e.g. the kernel) prior to upgrading, as I like to keep the disruption to a minimum.
For 3rd party repositories, I always check what is in store for me before I actually do the upgrade. Apart from the obvious benefit (knowing what will change), I consider this a kind of "two-factor authentication" of whether the upgrade is actually sanctioned by upstream.
Now unfortunately, I haven't seen any announcement of 13.8.2 anywhere so far.
My source of truth is typically https://about.gitlab.com/releases/categories/releases/
The first time I checked was about 7:00 UTC, when the last release mentioned on that page was 13.8.1 from Jan 26, 2021. While I'm writing (8:50 UTC), it still shows the 13.8.1 release as the most recent one.
Two (2) hours (most likely more, as the youngest file in the archive has a timestamp of "Mon Feb 1 17:35:04 UTC 2021", which was more than 12 hours ago) without announcement for a security-critical (as per the admin dashboard) update?
Please sync your release announcements with your download repositories.
- the announcement should be made public, as soon as a package's upload to the repository has started.
- if a release has to be retracted, remove it from the repositories and add a separate announcement announcing the retraction.