What does the output of apt-get install --dry-run mean?

Question

I want to upgrade a server to make sure the recent OpenSSL bug gets patched. So, to check the versions of things I'll be installing, I run apt-get install --dry-run, and see a line like:

Inst openssl [1.0.1-4ubuntu5.11] (1.0.1-4ubuntu5.12 Ubuntu:12.04/precise-updates [amd64])

And I realize I don't know what that means. Does it mean it's going to install 1.0.1-4ubuntu5.11 and that 5.12 is available, or that I'm currently running 5.11 and it'll upgrade to 5.12?

As requested, here's the output of apt-cache policy openssl:

openssl:
  Installed: 1.0.1-4ubuntu5.11
  Candidate: 1.0.1-4ubuntu5.12
  Version table:
     1.0.1-4ubuntu5.12 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
 *** 1.0.1-4ubuntu5.11 0
        100 /var/lib/dpkg/status
     1.0.1-4ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

... and I think that clears things up. It looks like it'll be grabbing 5.12 from either archive.ubuntu.com or security.ubuntu.com. What's the preceding 500?

Answer 1

The output of apt-get --dry-run means, as you already figured out, that openssl 1.0.1-4ubuntu5.11 is currently installed on your system and that it will be replaced with openssl 1.0.1-4ubuntu5.12 once you run the install command.

The numbers (500 and 100) in the output of apt-cache policy openssl indicate the priority of the given repository. As you can see, there are packages of openssl 1.0.1-4ubuntu5.12 available from two repositories (precise-updates and precise-security), both with a priority of 500. If the precise-security priority were to be 700, apt-get would first try to download the package from that repository.

Answer 2

You're right, it will install openssl 1.0.1-4ubuntu5.12 from http://archive.ubuntu.com.

500 is the priority of the source. See https://wiki.debian.org/AptPreferences