Re: expiration of jessie-backports Release files
On Wed, 3 Apr 2019, Vincent.Mcintyre@csiro.au wrote:
> Perhaps I should raise it with the team that manages archive.d.o ?
I've tried that, in several variations, and always got the response
that those repositories are there just for archival, and there will
be no change to them.
> But consider the context these Release files are in now - an archive
> which won't be updated into the future. The packages are there,
I've had the idea of adding a feature to apt to allow whitelisting
of known-good Release.gpg files (or InRelease signature snippets),
which it would then treat (after first manually acknowledging it,
perhaps) as a valid signature and no expiry time, for precisely
these archived systems, then retrofitting that onto all SecureAPT
releases (sarge-backports, etch, and newer).
I've not yet done any coding into that direction (lack of time,
got enough hobby projects already).
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
**********
Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.
Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.
**********
Reply to: