Re: apt-secure status?

To: Joey Hess <joeyh@kitenet.net>
Cc: walters@debian.org, APT Development Team <deity@lists.debian.org>, Matt Zimmerman <mdz@debian.org>
Subject: Re: apt-secure status?
From: Isaac Jones <ijones@syntaxpolice.org>
Date: Tue, 25 Nov 2003 15:21:00 -0500
Message-id: <[🔎] 877k1op5cj.fsf@syntaxpolice.org>
In-reply-to: <[🔎] 20031125193741.GC19196@kitenet.net> (Joey Hess's message of "Tue, 25 Nov 2003 14:37:41 -0500")
References: <[🔎] 20031125193741.GC19196@kitenet.net>

Hi, Thanks for the note.

Joey Hess <joeyh@kitenet.net> writes:

> I was wondering, what is the current status of apt-secure? 

I'm not sure what the status of the integration into the _real_ apt
is.  Walters and I do not at all want to maintain this as a separate
program, so we're really hoping to get it integrated "upstream" ASAP.
I'm definitely willing to continue to help with that, and to do
maintenance if I'm invited to join in that effort.

I should be subscribed to the deity list, but I am not, and it's
probably down right now.  I'm sorry that I haven't been following the
discussion there (if any).  I was getting CC'd on stuff for a while,
but if there has been any discussion about integration in the last few
months, I haven't seen it.  I'll subscribe to deity as soon as I get a
chance.

To summarize what I know: there are some interface issues about how to
warn people that they're getting "insecure" packages without numbing
them to such warnings.  We also want to build tools to help people to
set up secure sources.  I think that /etc/apt/vendors.list is going to
go away.  There is some discussion on bug #207400.

> the version in monk.org's repository is quite old, and I'm hoping
> this has not stalled.

We've let apt-secure lapse a little bit since we were hoping to have
it integrated by now, and because it looks like it won't be compatible
with whatever happens in the real apt.  If it doesn't look like it'll
get integrated soon, I'll try updating our version, especially since I
note a renewed interest in this past week.

I get a lot of comments on IRC and email about what a great thing it
would be to have this in Apt, and I try to encourage people to tell
everyone else that, but I'm not sure that they do :)

> Also, I noticed that the apt-secure web page says the debian archive key
> is not in the debian-keyring package, but this has changed in recent
> versions of that package, which include the 2003 key.

I'll get to this soon.

peace,

isaac

Joey Hess <joeyh@kitenet.net> writes:

> I was wondering, what is the current status of apt-secure? I understand
> that the plan has been to merge it into current apt, but the version in
> monk.org's repository is quite old, and I'm hoping this has not stalled.
> I am not a C++ programmer, but if there is anything else I could do to
> help, I would like to.
>
> Also, I noticed that the apt-secure web page says the debian archive key
> is not in the debian-keyring package, but this has changed in recent
> versions of that package, which include the 2003 key.
>
> -- 
> see shy jo

Reply to:

Follow-Ups:
- Re: apt-secure status?
  - From: Matt Zimmerman <mdz@debian.org>

References:
- apt-secure status?
  - From: Joey Hess <joeyh@kitenet.net>

Prev by Date: Re: apt man pages
Next by Date: Re: apt-secure status?
Previous by thread: apt-secure status?
Next by thread: Re: apt-secure status?
Index(es):
- Date
- Thread