Bug#953109: Recommend [check-valid-until=no] by default

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#953109: Recommend [check-valid-until=no] by default
From: chrysn <chrysn@fsfe.org>
Date: Wed, 4 Mar 2020 17:52:59 +0100
Message-id: <[🔎] 20200304165259.GA1106237@hephaistos.amsuess.com>
Reply-to: chrysn <chrysn@fsfe.org>, 953109@bugs.debian.org

Package: snapshot.debian.org
Severity: minor
Tags: patch

With the last unsupporting version being oldoldstable,
[check-valid-until=no] should be in the sources.list line everyone[1]
copies over.

I've pushed a version with a suggested fix to
https://salsa.debian.org/chrysn-guest/snapshot/-/tree/default-check-valid-until
for easy merging, or attached as a patch if that better suites your
workflow.

[1] Well, I do. Just spent yet another run of changing / etckeeper
committing / apt update where I should really have known but mindlessly
copy-pasted anyway.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-rc2 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom

From 1264f8c9f59edb67bac0cd3d8dc237472b9e8b93 Mon Sep 17 00:00:00 2001
From: chrysn <chrysn@fsfe.org>
Date: Wed, 4 Mar 2020 17:47:30 +0100
Subject: [PATCH] Advertise [check-valid-until=no] by default

With all recent Debian versions supporting it, the recommendation can go
into what is most commonly copy-pasted, with just a note on older
versions.
---
 web/app/snapshot/templates/description.mako | 28 ++++++++-------------
 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/web/app/snapshot/templates/description.mako b/web/app/snapshot/templates/description.mako
index 294fb32..12513b0 100644
--- a/web/app/snapshot/templates/description.mako
+++ b/web/app/snapshot/templates/description.mako
@@ -54,10 +54,10 @@ If you want to add a specific date's archive to your apt <code>sources.list</cod
 add an entry like these:
 </p>
 <pre>
-deb     <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
-deb-src <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
-deb     <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
-deb-src <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
+deb     [check-valid-until=no] <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
+deb-src [check-valid-until=no] <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
+deb     [check-valid-until=no] <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
+deb-src [check-valid-until=no] <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
 </pre>
 <p>
 To access snapshots using https, you need to install the ca-certificates
@@ -73,21 +73,13 @@ is no import at the exact time you specified you will get the latest
 available timestamp which is before the time you specified.
 </p>
 <p>
-To access snapshots of suites using Valid-Until that are older than a dozen days,
-it is necessary to ignore the Valid-Until header within Release files, in order
-to prevent apt from disregarding snapshot entries ("Release file expired").  Use
-<code>aptitude -o Acquire::Check-Valid-Until=false update</code> or
-<code>apt-get -o Acquire::Check-Valid-Until=false update</code> for this purpose.
-</p>
-<p>
-If you use at least apt version 1.1.exp9 (stretch and later), you can use this instead:
+The <code>[check-valid-until=no]</code> option is necessary to access suites
+older than a dozen days, as their Valid-Until header has expired.
+If you use apt versions before 1.1.exp9 (jessie and older), you have to elide
+the option and use <code>aptitude -o Acquire::Check-Valid-Until=false
+update</code> or <code>apt-get -o Acquire::Check-Valid-Until=false
+update</code> instead.
 </p>
-<pre>
-deb     [check-valid-until=no] <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
-deb-src [check-valid-until=no] <a href="/archive/debian/20091004T111800Z/">https://snapshot.debian.org/archive/debian/20091004T111800Z/</a> lenny main
-deb     [check-valid-until=no] <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
-deb-src [check-valid-until=no] <a href="/archive/debian-security/20091004T121501Z/">https://snapshot.debian.org/archive/debian-security/20091004T121501Z/</a> lenny/updates main
-</pre>
 
 <p style="margin-top:2em;">
 If you want anything related to a specific package simply enter the
-- 
2.25.1

Attachment: signature.asc
Description: PGP signature

Reply to:

Index(es):
- Date
- Thread