Re: apt 0.6 in experimental
On Sat, Dec 27, 2003 at 01:04:36PM +0200, George Danchev wrote:
> On Saturday 27 December 2003 01:44, Matt Zimmerman wrote:
> > This branch of apt represents a first pass at merging "apt-secure" into
> > apt proper. Other new features are planned, but this is the first. I
> > would very much appreciate if folks would upgrade to this version of apt
> > and help to test it. It should be available within the next day or so
> > from a Debian mirror near you.
>
> Ok, if one have an old debian installations (being upgraded for years or
> so) where the installed packages have not been verified, then he/she
> starts to use the new tools to verify the signatures of newly installed
> debs. Now is there an easy way to check out how many of the installed
> packages were verified for good signature and how many of them were not ?
No, and I don't see much value in attempting to do so. If you want a
paranoid system which has only been affected by authenticated packages, then
you need to reinstall from scratch. It is not sufficient to upgrade
packages which were not authenticated.
There is still a bootstrap problem as far as obtaining authenticated copies
of apt, gnupg, glibc and gcc, but verifiable installation media should take
care of that for new installations.
> > Once you have experimental in your sources.list, do this:
> >
> > apt-get -t experimental install apt
>
> I'm downloading apt 0.6.1 from incoming.debian.org now. Btw, where is the APT
> source control repo presently ? It would be nice if one can check it out from
> cvs.debian.org, svn.debian.org or alioth.debian.org. Thanks.
It is on cvs.debian.org as it has been for many years.
CVSROOT=cvs.debian.org:/cvs/deity
--
- mdz
Reply to: