Bug#203741: apt sigcheck patches
On Thu, Aug 21, 2003 at 03:33:50PM -0400, Matt Zimmerman wrote:
> On Thu, Aug 21, 2003 at 01:51:32PM -0400, Colin Walters wrote:
> >
> > I'd get pretty annoyed at being prompted every time to ignore unsecured
> > sources. And if we add an option to ignore unsecured sources, then people
> > will just use that, and that kind of makes the whole thing pointless.
>
> I would say that by default, it should go ahead and use the unsecured
> sources, but display a warning to the user.
<...>
> If a user asks to install (or upgrade!) a package, and the selected version
> is coming from an insecure source, I think apt should warn loudly about
> this, and ask for confirmation.
And add an option (defaulting to false I suppose given the earlier
conversation) to actually bail out instead of asking? Thinking about
semi-automated update scripts here - which may want to _not_ upgrade
instead of forcing upgrades when something strange happens.
> > This company also has scripts to automatically upgrade all the machines on
> > their intranet. They don't want to have any user interaction, so
> > prompting is out.
>
> A force option could be provided, but I think it would be better to make it
> a no-brainer for a source to be secured.
Actually, wouldn't a force (install) option be a bad idea even in the
above situation? If someone messes with that company's internet connection
and redirects *.debian.org to his own, unsigned archive, the force install
options would have their scripts happily ignore the lack of a key.
Regards,
Filip
--
Evil Overlord Quote of the Day:
150.I will provide funding and research to develop tactical and strategic
weapons covering a full range of needs so my choices are not limited to
"hand to hand combat with swords" and "blow up the planet".
Reply to: