Bug#203741: apt sigcheck patches
On Tue, Aug 26, 2003 at 10:07:51PM +0200, Filip Van Raemdonck wrote:
> On Thu, Aug 21, 2003 at 03:33:50PM -0400, Matt Zimmerman wrote:
> > I would say that by default, it should go ahead and use the unsecured
> > sources, but display a warning to the user.
> <...>
> > If a user asks to install (or upgrade!) a package, and the selected
> > version is coming from an insecure source, I think apt should warn
> > loudly about this, and ask for confirmation.
>
> And add an option (defaulting to false I suppose given the earlier
> conversation) to actually bail out instead of asking? Thinking about
> semi-automated update scripts here - which may want to _not_ upgrade
> instead of forcing upgrades when something strange happens.
Of course, it would work just like the other prompts in apt, and do
something sane if a non-interactive mode is requested.
> > A force option could be provided, but I think it would be better to make
> > it a no-brainer for a source to be secured.
>
> Actually, wouldn't a force (install) option be a bad idea even in the
> above situation? If someone messes with that company's internet connection
> and redirects *.debian.org to his own, unsigned archive, the force install
> options would have their scripts happily ignore the lack of a key.
There are all sorts of reasons why it would be a bad idea to force it, but
sometimes you need to let the user decide their own risks rather than trying
to decide for them.
--
- mdz
Reply to: