On Tue, Aug 23, 2016 at 09:34:00PM +0900, Tatsuki Sugiura wrote: > When I add following apt-line to /etc/sources.list, "apt-get update" > always segfaults. > > ------------------- > deb http://ftp.arege.jp/debian-arege unstable ALL > ------------------- The segfault shouldn't happen of course and I have a fix for that, but please realize that this repository operates on borrowed time, which is why I am cc'ing the proclaimed repository provider and write this mail as a warning. The repository is unsigned – apt-get (not 'apt'!) will allow the use of these repositories with a big warning by default in Debian stretch, but afterwards it will be disabled for apt-get as well. It already is for apt, aptitude, synaptics, … Worse, it doesn't have any sort of security information in its Release file which is very bad from a security POV – and the redirection on the domain plays a role in this bug, too. So, even then apt is fixed (the commit notification should follow soon) it is far from all good in terms of apt and this repository. The error message shown (by apt) for such repositories is btw: E: The repository 'http://ftp.arege.jp/debian-arege unstable Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. And a fixed apt-get produces this set: W: The repository 'http://ftp.arege.jp/debian-arege unstable Release' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. W: No Hash entry in Release file /home/donkult/var/lib/apt/lists/partial/ftp.arege.jp_debian-arege_dists_unstable_Release W: Invalid 'Date' entry in Release file /home/donkult/var/lib/apt/lists/partial/ftp.arege.jp_debian-arege_dists_unstable_Release E: Failed to fetch http://ftp.arege.jp/debian-arege/dists/unstable/ALL/i18n/Translation-en 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature