Re: Debian packages without md5sums

To: debian-user@lists.debian.org
Subject: Re: Debian packages without md5sums
From: Carl Johnson <carlj@peak.org>
Date: 06 Oct 2007 20:11:12 -0700
Message-id: <[🔎] 871wc7ei0f.fsf@cjlinux.localnet>
In-reply-to: <[🔎] 20071006005442.GA19706@alpaca>
References: <fc4ca6$5tg$1@sea.gmane.org> <20070911181553.GB18618@localhost.localdomain> <fc9lgh$j1h$1@sea.gmane.org> <20070923083220.GA23398@debian.org> <fd7ifd$lnh$1@sea.gmane.org> <[🔎] 20071001162634.GA22490@alpaca> <[🔎] 87ve9oetge.fsf@cjlinux.localnet> <[🔎] 20071003195517.GB14906@localhost> <[🔎] 87lkaiea8x.fsf@cjlinux.localnet> <[🔎] 20071006005442.GA19706@alpaca>

Daniel Burrows <dburrows@debian.org> writes:

> On Thu, Oct 04, 2007 at 04:22:06PM -0700, Carl Johnson <carlj@peak.org> was heard to say:
> > I haven't seen any place where aptitude shows any of that
> > information.  It just shows me a warning such as:
> > 
> >   WARNING: This version of acpid is from an untrusted source!
> >            Installing this package could allow a malicious
> >            individual to damage or take control of your system.
> 
>   Could you paste the full output of "apt-get update"?

Here is the output:

Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-3 20070407-12:15] etch Release.gpg
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-2 20070407-12:15] etch Release.gpg
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-1 20070407-12:15] etch Release.gpg
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-3 20070407-12:15] etch Release
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-2 20070407-12:15] etch Release
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-1 20070407-12:15] etch Release
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-3 20070407-12:15] etch/contrib Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-3 20070407-12:15] etch/main Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-2 20070407-12:15] etch/contrib Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-2 20070407-12:15] etch/main Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-1 20070407-12:15] etch/contrib Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 4.0 r0 _Etch_ - Official amd64 DVD Binary-1 20070407-12:15] etch/main Packages/DiffIndex
Reading package lists... Done

In a separate respose Florian Kulzer pointed out that the ISO images
don't have Release.gpg files, so they can't be authenticated.  I later
realized that they can't put the checksum file into the ISO until the
ISO is already completed, and that changes the ISO so the original
checksum is no longer valid.  He pointed out how to tell apt to trust
the DVDs, so I have that working now.  Thanks for the response.

-- 
Carl Johnson		carlj@peak.org

Reply to:

References:
- Re: Debian packages without md5sums
  - From: Daniel Burrows <dburrows@debian.org>
- Re: Debian packages without md5sums
  - From: Carl Johnson <carlj@peak.org>
- Re: Debian packages without md5sums
  - From: Florian Kulzer <florian.kulzer+debian@icfo.es>
- Re: Debian packages without md5sums
  - From: Carl Johnson <carlj@peak.org>
- Re: Debian packages without md5sums
  - From: Daniel Burrows <dburrows@debian.org>

Prev by Date: The effectiveness of 'make uninstall' command
Next by Date: Re: Debian packages without md5sums
Previous by thread: Re: Debian packages without md5sums
Next by thread: Re: Debian packages without md5sums
Index(es):
- Date
- Thread