[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-get.org and dangerous updates

Hi,

xavier renaut <list.debian-user@natch.dyndns.org> writes:

> 
> For that very particular problem,
> I'd like to prioritize my sources...
> I searched through to man apt_preference and  man apt.conf,
> but it looks like you can set priorities on packages,
> not on "prefered" sources.

Wrong. Put 

Package: *

in apt_preferences, and the preference will apply to all packages.

> 
> Say I have in my sources.lists
> the official debian sources,
> and I add http://whatever/debian i found on apt-get.org
> to get the very last version of a package.
> 
> Now, if the unofficial repository admin adds a trojaned ssh,
> set the highest priority for the package, and
> set the version number so that it looks like an upgrade,
> how to forbid this trick while still be able to use the 
> unofficial repository... 
> 
> any ideas ?
> 

Use the "pin" feature. You can pin on release, origin, etc ... e.g.:


Package: *
Pin: origin marillat.free.fr
Pin-Priority: 600

Read, e.g. http://www.argon.org/~roderick/apt-pinning.html .

Search the list archives for apt pinning, there have been some
discussions in the past.

hope this helps,

Jaume

--
Reply to: