Bug#203741: apt-secure

To: Matt Zimmerman <mdz@debian.org>, 203741@bugs.debian.org
Cc: Colin Walters <walters@verbum.org>, Isaac Jones <ijones@syntaxpolice.org>, debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>
Subject: Bug#203741: apt-secure
From: Jason Gunthorpe <jgg@debian.org>
Date: Mon, 08 Sep 2003 16:02:46 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.1030908155451.7784B-100000@wakko.debian.net>
Reply-to: Jason Gunthorpe <jgg@debian.org>, 203741@bugs.debian.org
In-reply-to: <[🔎] 20030908141224.GD18829@alcor.net>

On Mon, 8 Sep 2003, Matt Zimmerman wrote:

> I think the warning during update is superfluous because the user will be
> asked for confirmation when installing packages.  I might add a source to my
> sources.list that I don't generally trust, knowing that apt will ask for
> confirmation before installing packages from it.  However, I would still get
> a warning on every single apt-get update.

Any sort of query during install isn't going to work so well without much
bigger changes. Mostly this has to do with the way multiple instances of
the same package are handled, the various origins are not uniquified and
it cannot retain the md5sum information to figure out what makes sense. 

So even though it says it's coming from a secure source because one
instance is listed as secure it may very well decide to download and
verify it from an insecure one. I haven't the faintest clue about how
you'd go about fixing this.

Basically you have to sign off at update time and you need to ensure your
sources.list has what you want then.

Jason

Reply to:

Follow-Ups:
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Sie haben eine Einladung erhalten! ID Ijweqeuy
Next by Date: Bug#203741: apt-secure
Previous by thread: Bug#203741: apt-secure
Next by thread: Bug#203741: apt-secure
Index(es):
- Date
- Thread