Re: squeeze-backports archive repo "Release file expired"
On Wed, 21 Sep 2016, Niall Chapman wrote:
> > Thats by design. It is an archive and files are archived as they are. You
> > should not use those distributions anymore.
> I realise that I "shouldn't" use those distributions any more, but I
> have a squeeze server that I cannot upgrade but which I need to be able
> to upgrade some packages on it and continue using, and I'm trying to
> find the most sensible way to do so.
Yes, I know that feeling… nobody wants to re-sign the archived
Release files, and disabling SecureAPT, which is rather stupid
as it does more, is the only thing you can do, eventually.
For now, APT gained an option Acquire::Check-Valid-Until which
helps, for a while — until the PGP key used to sign it has
expired (which happened to my lenny cowbuilder chroot recently).
It’s rather funny that securing APT made it less secure for
archived distributions. I believe that there should be a
mechanism other than backdating the clock to keep them usable
(if alone for regression testing, historic research, and all
that, if not business needs; thankfully we don’t run lenny
any more, but…).
OTOH, that’s not a backports-specific discussion.
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Reply to: