[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: expiration of jessie-backports Release files

On Wed, 3 Apr 2019, Vincent.Mcintyre@csiro.au wrote:

> Perhaps I should raise it with the team that manages archive.d.o ?

I've tried that, in several variations, and always got the response
that those repositories are there just for archival, and there will
be no change to them.

> But consider the context these Release files are in now - an archive
> which won't be updated into the future. The packages are there,

I've had the idea of adding a feature to apt to allow whitelisting
of known-good Release.gpg files (or InRelease signature snippets),
which it would then treat (after first manually acknowledging it,
perhaps) as a valid signature and no expiry time, for precisely
these archived systems, then retrofitting that onto all SecureAPT
releases (sarge-backports, etch, and newer).

I've not yet done any coding into that direction (lack of time,
got enough hobby projects already).

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**********

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**********
Reply to: