Re: Compatibility of security mirror

To: Lee Winter <lee.j.i.winter@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Compatibility of security mirror
From: Russ Allbery <rra@debian.org>
Date: Wed, 16 Sep 2009 13:04:53 -0700
Message-id: <[🔎] 87y6oe8xlm.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] cf1144010909161301vdfa0f11o9931ce5f3c1e05ec@mail.gmail.com> (Lee Winter's message of "Wed, 16 Sep 2009 16:01:43 -0400")
References: <[🔎] cf1144010909150911s55ecf1bdr3a2fc9105ff377c4@mail.gmail.com> <[🔎] 878wgf8h98.fsf@frosties.localdomain> <[🔎] cf1144010909160738u3c67b36i54ead014e3a4db5d@mail.gmail.com> <[🔎] 877hvyacn7.fsf@windlord.stanford.edu> <[🔎] cf1144010909161301vdfa0f11o9931ce5f3c1e05ec@mail.gmail.com>

Lee Winter <lee.j.i.winter@gmail.com> writes:
> On Wed, Sep 16, 2009 at 3:54 PM, Russ Allbery <rra@debian.org> wrote:

>> There's a one-to-one correspondance between an entry in sources.list
>> and the metadata that apt expects to find in the repository, which in
>> turn is signed.  You would have to combine the metadata in order to
>> combine the sources.list lines, which would then require resigning the
>> metadata.

> OK, this is where it starts to get interesting.  I didn't see much more
> than passing references to this in the apt doc.  Did I miss it or are
> there other docs that describe the repository structure?  Should I be
> looking at the doc about creating packages or for creating releases?

I'm afraid I have no idea where it might be documented.  The above
statement is from experience dealing with apt and various local
repositories rather than taken from documentation.  :/

Back when I made a foray into writing tools to generate a local repository
and then patching debarchiver, I found it rather difficult to find
coherent documentation of all of the features of the Debian archive layout
and mostly resorted to looking at the Debian archives and reading source
code.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Compatibility of security mirror
  - From: Goswin von Brederlow <goswin-v-b@web.de>

References:
- Compatibility of security mirror
  - From: Lee Winter <lee.j.i.winter@gmail.com>
- Re: Compatibility of security mirror
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Compatibility of security mirror
  - From: Lee Winter <lee.j.i.winter@gmail.com>
- Re: Compatibility of security mirror
  - From: Russ Allbery <rra@debian.org>
- Re: Compatibility of security mirror
  - From: Lee Winter <lee.j.i.winter@gmail.com>

Prev by Date: Re: Compatibility of security mirror
Next by Date: Re: signatures for debs installed manually
Previous by thread: Re: Compatibility of security mirror
Next by thread: Re: Compatibility of security mirror
Index(es):
- Date
- Thread