
aptitude: untrusted packages



Hi,

Aptitude gave me a rather unexpected message today.

$ aptitude -s upgrade
<...>
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.
  yaird
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

$ apt-cache policy yaird
yaird:
  Installed: 0.0.11-10
  Candidate: 0.0.11-11
  Version table:
     0.0.11-11 0
        900 http://ftp.nl.debian.org sid/main Packages
        700 http://debian.jones.dk sid/misc Packages
 *** 0.0.11-10 0
        890 http://ftp.nl.debian.org etch/main Packages
        100 /var/lib/dpkg/status

I know that the message is a result of not having the gpg key for
debian.jones.dk in my keyring, but I'm not trying to install the
version from debian.jones.dk.

I don't have the key in my keyring because I don't trust the packages
there. I want to be notified when trying to install one of them.

When I answer yes to the question above, aptitude will get the
(trusted) package from ftp.nl.debian.org. So why does it warn me about
untrusted packages? I want to be able to install yaird (from the
normal repositories) without this warning. Only when a package will
actually be retrieved from an untrusted source should aptitude warn
me.

Does anyone know what to do about this, or should I consider this a
bug and file a report?


Felix

-- 
Felix C. Stegerman <flx@hccnet.nl>

"Any sufficiently advanced bug is indistinguishable from a feature."
 -- R. Kulawiec
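
The policy output quoted in the message lists the candidate version 0.0.11-11 under both archives. As an added example (not part of the original post), this Python script parses that output and reports which archives offer the candidate version; the `UNTRUSTED_HOSTS` set and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the `apt-cache policy yaird` output quoted in the post.
POLICY = """\
yaird:
  Installed: 0.0.11-10
  Candidate: 0.0.11-11
  Version table:
     0.0.11-11 0
        900 http://ftp.nl.debian.org sid/main Packages
        700 http://debian.jones.dk sid/misc Packages
 *** 0.0.11-10 0
        890 http://ftp.nl.debian.org etch/main Packages
        100 /var/lib/dpkg/status
"""

# Assumption: hosts whose archive key is not in the local apt keyring.
UNTRUSTED_HOSTS = {"debian.jones.dk"}

# Version rows look like "[***] <version> <number>"; source rows start with a pin priority.
VERSION_RE = re.compile(r"^\s*(?:\*\*\*\s+)?(\S+)\s+-?\d+\s*$")
SOURCE_RE = re.compile(r"^\s*(-?\d+)\s+(\S+)")

def parse_policy(text):
    """Return (candidate, {version: [(priority, location), ...]})."""
    candidate, table, current, in_table = None, {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Candidate:"):
            candidate = stripped.split(":", 1)[1].strip()
        elif stripped == "Version table:":
            in_table = True
        elif in_table and (m := VERSION_RE.match(line)):
            current = m.group(1)
            table[current] = []
        elif in_table and current and (m := SOURCE_RE.match(line)):
            table[current].append((int(m.group(1)), m.group(2)))
    return candidate, table

def origin_report(text, untrusted_hosts=UNTRUSTED_HOSTS):
    """Split the candidate version's sources into listed-untrusted and other."""
    candidate, table = parse_policy(text)
    report = {"candidate": candidate, "untrusted": [], "other": []}
    for _priority, location in table.get(candidate, []):
        host = urlparse(location).hostname  # None for local paths
        report["untrusted" if host in untrusted_hosts else "other"].append(location)
    report["mixed"] = bool(report["untrusted"] and report["other"])
    return report

if __name__ == "__main__":
    print(origin_report(POLICY))
```

A `mixed` result means the same version number is offered by both a listed-untrusted archive and another archive, which is the situation the message describes.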


