Bug#225648: apt: seperate config variable for disabling CheckAuth

To: Ryan Murray <rmurray@cyberhqz.com>, 225648@bugs.debian.org
Subject: Bug#225648: apt: seperate config variable for disabling CheckAuth
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 31 Dec 2003 08:30:20 -0800
Message-id: <[🔎] 20031231163020.GW1365@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 225648@bugs.debian.org
In-reply-to: <[🔎] 20031231101222.6146627C1CE@cyberhq.internal.cyberhqz.com>
References: <[🔎] 20031231101222.6146627C1CE@cyberhq.internal.cyberhqz.com>

On Wed, Dec 31, 2003 at 02:12:22AM -0800, Ryan Murray wrote:

> CheckAuth checks if APT::Get::Assume-Yes is true to bypass the check. 
> This is problematic for build daemons, where you don't want to allow
> package statuses to be changed unless requested by the buildd (what
> APT::Get::Assume-Yes only did before the secure patch), but you do
> want to allow unauthenticated packages.  A seperate config variable should
> be used for this.  APT::Get::AllowUnauthenticated or so?

By the way, I'm assuming this has to do with that bit which lets buildds
grab packages from accepted/ or wherever, before they are installed in the
archive proper.  Is it infeasible to provide a signed Release file for that
situation, and if so, is there anything I can do to alleviate that?  It
would of course be preferable to authenticate all packages where possible.

-- 
 - mdz

Reply to:

References:
- Bug#225648: apt: seperate config variable for disabling CheckAuth
  - From: Ryan Murray <rmurray@cyberhqz.com>

Prev by Date: Processed: Re: Bug#225602: apt: apt-get: encoding problems (when displaying strings)?
Next by Date: Bug#225648: apt: seperate config variable for disabling CheckAuth
Previous by thread: Bug#225648: apt: seperate config variable for disabling CheckAuth
Next by thread: Bug#225648: apt: seperate config variable for disabling CheckAuth
Index(es):
- Date
- Thread