Re: apt 0.6 in experimental
On Sat, Dec 27, 2003 at 02:11:01AM -0500, Joey Hess wrote:
> Matt Zimmerman wrote:
> > apt-get -t experimental install apt
> >
> > and let me know how it goes.
>
> Aside from losing aptitude, it was a painless upgrade.
>
> W: GPG error: http://non-US.debian.org unstable/non-US Release: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY B629A24C38C6029A
>
> Isn't there a key for that one? Oh well, I had been meaning to stop
> tracking non-us anyway.
That key is "Debian Archive Automatic Signing Key (2003)
<ftpmaster@debian.org>" which I thought was supposed to be revoked due to
the compromise.
> > No extra effort should be required on your part unless you use non-Debian
> > sources, in which case an extra confirmation step will be required by
> > apt-get, and you should nag the operator to provide Release and Release.gpg
> > files.
>
> I was expecting to see apt-get update whine about my extra-debian
> sources, which lack Release files altogether, and am suprised that it
> seemed to simply ignore the lack of Release files and signatures with
> no warnings:
If you're comparing it to apt-secure, the interface has changed a bit (see
the changelog). Rather than requiring you to declare sources as
authenticated or not, it keeps track of which sources it was able to
authenticate with a trusted key, and warns you if you are about to install a
package from one of the unauthenticated sources. This provides a smoother
transition.
--
- mdz
Reply to: