Bug#203741: apt sigcheck patches

[Colin Walters <walters@debian.org>]

[ Added aj to the CC as I'm pretty sure he's interested in this ]

On Thu, 2003-08-21 at 12:13, Matt Zimmerman wrote:

> It seems OK not to specify whether the source is secured, as long as you're
> not rejecting insecure sources (maybe issuing a warning?).

I'd get pretty annoyed at being prompted every time to ignore unsecured
sources.  And if we add an option to ignore unsecured sources, then
people will just use that, and that kind of makes the whole thing
pointless.

Say company has a setup with a bunch of Debian stable machines, using
apt-secure.  They of course use security.debian.org.  However they also
have a trusted server on their intranet that provides some packages, and
all the other machines use it as an apt source.  Because Debian doesn't
have any standard scripts for generating a secured apt source, and since
it's on their secure intranet, they don't bother checking the sigs on
the Release file.

This company also has scripts to automatically upgrade all the machines
on their intranet.  They don't want to have any user interaction, so
prompting is out.

How would you solve this problem without specifying whether or not a
source is secured in the sources.list?

> Presumably, if you don't trust Debian unstable, you wouldn't have the key
> for unstable in your list.  Though, I guess if we use one key per year
> rather than a key per release, this won't work (unfortunately).

Right.