Bug#225648: apt: seperate config variable for disabling CheckAuth
On Wed, Dec 31, 2003 at 02:12:22AM -0800, Ryan Murray wrote:
> CheckAuth checks if APT::Get::Assume-Yes is true to bypass the check.
> This is problematic for build daemons, where you don't want to allow
> package statuses to be changed unless requested by the buildd (what
> APT::Get::Assume-Yes only did before the secure patch), but you do
> want to allow unauthenticated packages. A seperate config variable should
> be used for this. APT::Get::AllowUnauthenticated or so?
By the way, I'm assuming this has to do with that bit which lets buildds
grab packages from accepted/ or wherever, before they are installed in the
archive proper. Is it infeasible to provide a signed Release file for that
situation, and if so, is there anything I can do to alleviate that? It
would of course be preferable to authenticate all packages where possible.
--
- mdz
Reply to: