[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: expiration of jessie-backports Release files

On Wed, 3 Apr 2019, Vincent.Mcintyre@csiro.au wrote:

> Perhaps I should raise it with the team that manages archive.d.o ?

I've tried that, in several variations, and always got the response
that those repositories are there just for archival, and there will
be no change to them.

> But consider the context these Release files are in now - an archive
> which won't be updated into the future. The packages are there,

I've had the idea of adding a feature to apt to allow whitelisting
of known-good Release.gpg files (or InRelease signature snippets),
which it would then treat (after first manually acknowledging it,
perhaps) as a valid signature and no expiry time, for precisely
these archived systems, then retrofitting that onto all SecureAPT
releases (sarge-backports, etch, and newer).

I've not yet done any coding into that direction (lack of time,
got enough hobby projects already).

tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg


Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.


Reply to: