Re: expiration of jessie-backports Release files
On Wed, Apr 03, 2019 at 07:45:22AM +0200, Alexander Wirt wrote:
> On Wed, 03 Apr 2019, Vincent.Mcintyre@csiro.au wrote:
> > Hi,
> > this seems to be a new issue with the Jessie release.
> > The issue:
> > - in the Release file on archive.d.o  we have
> > Codename: jessie-backports
> > Date: Tue, 12 Feb 2019 20:25:43 UTC
> > Valid-Until: Tue, 19 Feb 2019 20:25:43 UTC
> > NotAutomatic: yes
> > - in the Release file for wheezy-backports  we have
> > Codename: wheezy-backports
> > Date: Wed, 24 Jan 2018 08:51:34 UTC
> > NotAutomatic: yes
> > which causes apt to rightly complain that the Release file is out
> > of date and refuse to use the package source.
> > However it would be useful to me to be able to access packages from
> > that suite from time to time as we phase out our jessie machines.
> > Are there any plans to remove the Valid-Until lines from the
> > archive.d.o copy of the Release and InRelease files and re-sign them?
> No, thats the way its supposed to work, valid-until was added to indicate
> that a release is out of support. Valid-until support in apt was added after
> wheezy support, therefore it isn't a suprise that wheezy doesn't have that
Sure, I understand that.
But consider the context these Release files are in now - an archive
which won't be updated into the future. The packages are there,
still available if necessary, but it should be clear to anyone using
it that the packages are no longer supported.
This isn't really a problem for the backports team per se, I raised
it here because I noticed it in the context of the backports.
But now I am wondering if this will apply to other jessie components
that will eventually end up only available from archive.d.o.
Perhaps I should raise it with the team that manages archive.d.o ?
I'm not sure what the right channel is to do that - can you suggest
who to contact?
The motivation for raising this is that if I have to refresh the files
in /var/lib/apt/lists on a machine which has jessie-backports as one
of its package sources, the only way to make this work is:
apt -o Acquire::Check-Valid-Until=false update
Which turns off the validation for all package sources, no?
It's fine for a one-off invocation, but not so fine generally.
If the copies of the Release files on archive.d.o had the Valid-Until
line removed, exactly because they are never going to be updated again,
this would avoid the issue. At least that is my understanding.
One could also put this issue in another way - if the Release file
says "all these packages are out of date, don't install them" is
there any reason for them to exist on archive.d.o at all?