Re: apt-get.org and dangerous updates
Hi,
xavier renaut <list.debian-user@natch.dyndns.org> writes:
>
> For that very particular problem,
> I'd like to prioritize my sources...
> I searched through to man apt_preference and man apt.conf,
> but it looks like you can set priorities on packages,
> not on "prefered" sources.
Wrong. Put
Package: *
in apt_preferences, and the preference will apply to all packages.
>
> Say I have in my sources.lists
> the official debian sources,
> and I add http://whatever/debian i found on apt-get.org
> to get the very last version of a package.
>
> Now, if the unofficial repository admin adds a trojaned ssh,
> set the highest priority for the package, and
> set the version number so that it looks like an upgrade,
> how to forbid this trick while still be able to use the
> unofficial repository...
>
> any ideas ?
>
Use the "pin" feature. You can pin on release, origin, etc ... e.g.:
Package: *
Pin: origin marillat.free.fr
Pin-Priority: 600
Read, e.g. http://www.argon.org/~roderick/apt-pinning.html .
Search the list archives for apt pinning, there have been some
discussions in the past.
hope this helps,
Jaume
--
Reply to: