Bug#203741: apt-secure

To: Isaac Jones <ijones@syntaxpolice.org>
Subject: Bug#203741: apt-secure
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 22 Sep 2003 10:38:22 -0400
Message-id: <[🔎] 20030922143822.GH15619@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 203741@bugs.debian.org
In-reply-to: <87brtcdikm.fsf@syntaxpolice.org>
References: <[🔎] 20030908231518.GA30008@alcor.net> <[🔎] Pine.LNX.3.96.1030908203706.8794A-100000@wakko.debian.net> <[🔎] 20030909043815.GF30008@alcor.net> <[🔎] 87n0dev91s.fsf@syntaxpolice.org> <[🔎] 20030909133417.GK30008@alcor.net> <[🔎] 877k4gaw0i.fsf@syntaxpolice.org> <[🔎] 20030911032950.GO15361@alcor.net> <87brtcdikm.fsf@syntaxpolice.org>

On Mon, Sep 22, 2003 at 10:05:45AM -0400, Isaac Jones wrote:

> > I don't think we can even think about defaulting to rejecting insecure
> > sources until we've provided some simple tools for importing keys into the
> > trusted keyring and generating Release files.  
> 
> (Rest of email is below.)
> 
> Like I said, I'm not actually advocating that, but the migration path
> is still a good idea for this release.

What is the migration path that you are suggesting?  That we check
signatures where they are available, and where they are not, warn the user
during apt-get update?  I suppose this is better than nothing.

> I'm just writing to ask what your plan is.  Can I help with anything?

My current plan is to get apt > 0.5.4 into testing.  I don't want to start
breaking things until there is something pretty solid for sarge.
Unfortunately, glibc and gcc-3.3 happened, and so that has held everything
up.  apt also just had an RC bug reported which I need to fix. :-/

-- 
 - mdz

Reply to:

Follow-Ups:
- Bug#203741: apt-secure
  - From: Isaac Jones <ijones@syntaxpolice.org>

References:
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: apt-secure
  - From: Jason Gunthorpe <jgg@debian.org>
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: apt-secure
  - From: Isaac Jones <ijones@syntaxpolice.org>
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: apt-secure
  - From: Isaac Jones <ijones@syntaxpolice.org>
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Bug#203741: apt-secure
Next by Date: Bug#203741: Signature verification status
Previous by thread: Bug#203741: apt-secure
Next by thread: Bug#203741: apt-secure
Index(es):
- Date
- Thread