[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apt-get.org and dangerous updates

|What I do personally for backports is to add the relevant line to my
|sources.list... eg the place I found for bogofilter: 
|  deb http://debian.ipsyn.net/debian woody ipsyn)
|(do the obligatory apt-get update)
|Then apt-get the *particular package* from the command-line
|Then comment out the line in sources.list and do the obligatory apt-get
|update again.
|This prevents accidentally updating *other* packages to somebody's
|unofficial version.

For that very particular problem,
I'd like to prioritize my sources...
I searched through to man apt_preference and  man apt.conf,
but it looks like you can set priorities on packages,
not on "prefered" sources.

Say I have in my sources.lists
the official debian sources,
and I add http://whatever/debian i found on apt-get.org
to get the very last version of a package.

Now, if the unofficial repository admin adds a trojaned ssh,
set the highest priority for the package, and
set the version number so that it looks like an upgrade,
how to forbid this trick while still be able to use the 
unofficial repository... 

any ideas ?


xavier renaut

Reply to: