Bug#225648: apt: seperate config variable for disabling CheckAuth
On Wed, Dec 31, 2003 at 02:12:22AM -0800, Ryan Murray wrote:
> Package: apt
> Version: 0.6.6
> Severity: important
> Tag: experimental
>
> CheckAuth checks if APT::Get::Assume-Yes is true to bypass the check.
> This is problematic for build daemons, where you don't want to allow
> package statuses to be changed unless requested by the buildd (what
> APT::Get::Assume-Yes only did before the secure patch), but you do
> want to allow unauthenticated packages. A seperate config variable should
> be used for this. APT::Get::AllowUnauthenticated or so?
Actually, the test works the other way around. If Assume-Yes is set,
unauthenticated packages are rejected (fail safe). It assumes "Yes" to the
prompt, which asks whether to abort.
mizar:[~/src/deb/mine/cvs/apt/po] sudo apt-get -y install hello-debhelper
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
hello-debhelper
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 49.4kB of archives.
After unpacking 483kB of additional disk space will be used.
WARNING: The following packages cannot be securely authenticated!
hello-debhelper
Aborted.
There is currently no way to bypass this check at all. I'll add one in
0.6.8.
--
- mdz
Reply to: