On Tue, Mar 26, 2002 at 09:21:01PM -0500, Ben Collins wrote:
> By the time your example gets to checking sigs, the depends have already
> been figured and things have been downloaded by apt, and are trying to
> be installed. It's too late at that point to reject a package you don't
> want, given that it successfully meets the signature criteria. Apt-get
> already has mechanism to control what packages from which sources you
> want to take into account.
I assume the Release file will be signed?
(ie. the file that is used for checking in /etc/apt/preferences?)
If so, this may be another alternative.
If not, then any criteria you set in /etc/apt/preferences can
be faked by changing the details in the downloaded Release file.
Brian May <firstname.lastname@example.org>
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org