Bug#302223: apt 0.6 doesn't complain about missing release file

To: Matt Zimmerman <mdz@debian.org>
Cc: 302223@bugs.debian.org
Subject: Bug#302223: apt 0.6 doesn't complain about missing release file
From: Guido Guenther <agx@debian.org>
Date: Fri, 1 Apr 2005 09:46:47 +0200
Message-id: <[🔎] 20050401074647.GD19253@bogon.ms20.nix>
Reply-to: Guido Guenther <agx@debian.org>, 302223@bugs.debian.org
In-reply-to: <20050331164706.GX9266@alcor.net>
References: <20050330182721.GA13096@bogon.ms20.nix> <20050330205112.GE9266@alcor.net> <20050331075022.GA16386@bogon.ms20.nix> <20050331164706.GX9266@alcor.net>

On Thu, Mar 31, 2005 at 08:47:06AM -0800, Matt Zimmerman wrote:
> On Thu, Mar 31, 2005 at 09:50:23AM +0200, Guido Guenther wrote:
> 
> > On Wed, Mar 30, 2005 at 12:51:12PM -0800, Matt Zimmerman wrote:
> > > Send apt-get update output.
> > root@batzen:~# apt-get update
> > Ign http://honk.physik.uni-konstanz.de mplayer/ Release.gpg
> > Ign http://honk.physik.uni-konstanz.de mplayer/ Release
> > Get:1 http://debian.physik.uni-konstanz.de sarge Release.gpg [197B]
> > Get:2 http://debian.physik.uni-konstanz.de experimental Release.gpg [197B]
> > Get:3 http://debian.physik.uni-konstanz.de unstable Release.gpg [197B]
> > Hit http://honk.physik.uni-konstanz.de mplayer/ Packages
> > Get:4 http://debian.physik.uni-konstanz.de sarge Release [22.8kB]
> > Get:5 http://debian.physik.uni-konstanz.de experimental Release [21.6kB]
> > Get:6 http://debian.physik.uni-konstanz.de unstable Release [34.1kB]
> > Get:7 http://debian.physik.uni-konstanz.de sarge/main Packages [3151kB]
> > Hit http://debian.physik.uni-konstanz.de sarge/non-free Packages               
> > Get:8 http://debian.physik.uni-konstanz.de sarge/contrib Packages [52.9kB]     
> > Get:9 http://debian.physik.uni-konstanz.de experimental/main Packages [97.5kB] 
> > Hit http://debian.physik.uni-konstanz.de experimental/non-free Packages        
> > Get:10 http://debian.physik.uni-konstanz.de experimental/contrib Packages [4221B]
> > Get:11 http://debian.physik.uni-konstanz.de unstable/main Sources [1358kB]     
> > Fetched 4742kB in 23s (202kB/s)                                                                                                                              
> > Reading Package Lists... Done
> > 
> > See the first two lines. It says that it's ignoring the release file,
> > but since it complains about unknown signatures very loudly, shouldn't
> > it complain about missing release files too?
> 
> Release files have, and will continue to be, optional.  Release.gpg is also
> optional, regardless of whether Release is present.  apt-get asks for
> confirmation before installing packages from an unauthenticated source.
It's just kind of inconsistent to complain about bad signatures when
downloading the release and to complain about about unauthenticated
sources at a later stage...but as long as release files are optional
we'll have to live with that.
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Bug#302223: apt 0.6 doesn't complain about missing release file
  - From: Matt Zimmerman <mdz@debian.org>

Next by Date: Processed: Re: Bug#302313: 100% CPU in combination with trickle (B/W shaping)
Next by thread: Bug#302223: apt 0.6 doesn't complain about missing release file
Index(es):
- Date
- Thread