[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Dropping Release and Release.gpg support from APT

On 2019-07-09 20:53, Julian Andres Klode wrote:

we currently have code dealing with falling back from InRelease
to Release{,.gpg} and it's all a bit much IMO. Now that buster
has been released with an InRelease file, the time has IMO come for
us to drop support for the old stuff from APT!

Timeline suggestion
-------------------
now         add a warning to apt 1.9.x for repositories w/o InRelease,
but Release{,.gpg}
Aug/Sep turn the warning into an error, overridable with an option (?) 
Q1 2020     remove the code

My idea being that we give this a cycle in the Ubuntu 18.10 stable
release before we drop it, so people are ready for it.

Why remove it?
--------------
* It's annoying UX to have repositories with Release files and the "Ign" lines 
* Handling the fallback from InRelease to Release{,.gpg} involves some
abstractions
  and logic and the less logic we have in security-relevant file
fetching, the better
One thing worth noting in case we drop support for generating the files: It looks like choose-mirror (no bug found) and net-retriever (bug in [1]) in d-i still use Release and not InRelease. Found by investigating annoying file races internally that would have been solved by InRelease... 

Kind regards
Philipp Kern

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926035
Reply to: