Re: apt-get.org and dangerous updates
xavier renaut <firstname.lastname@example.org> writes:
> For that very particular problem,
> I'd like to prioritize my sources...
> I searched through to man apt_preference and man apt.conf,
> but it looks like you can set priorities on packages,
> not on "prefered" sources.
in apt_preferences, and the preference will apply to all packages.
> Say I have in my sources.lists
> the official debian sources,
> and I add http://whatever/debian i found on apt-get.org
> to get the very last version of a package.
> Now, if the unofficial repository admin adds a trojaned ssh,
> set the highest priority for the package, and
> set the version number so that it looks like an upgrade,
> how to forbid this trick while still be able to use the
> unofficial repository...
> any ideas ?
Use the "pin" feature. You can pin on release, origin, etc ... e.g.:
Pin: origin marillat.free.fr
Read, e.g. http://www.argon.org/~roderick/apt-pinning.html .
Search the list archives for apt pinning, there have been some
discussions in the past.
hope this helps,