Bug#203741: apt sigcheck patches
Matt Zimmerman <mdz@debian.org> writes:
> On Sun, Dec 28, 2003 at 04:53:53PM -0500, Colin Walters wrote:
>
>> On Fri, 2003-12-26 at 11:26, Matt Zimmerman wrote:
>>
>> > I found this bug; it was here (srcrecords.cc):
>> [...]
>>
>> Ah, good catch. My C++-fu is weak. I had tried valgrind, but it only
>> gave me an error much later.
>
> For some reason it became unreproducible shortly after I found it the first
> time, so I assumed I had messed up my build. It wasn't until it resurfaced
> recently that I tracked it down.
It has always been annoyingly unreproducible.
> Was the intention to move away from per-section Release files, and to only
> use the top-level one? Or was this an oversight, and we should be
> downloading these files and continuing to use them?
I agree with Colin that the idea was to get rid of the per-section
Release files. It was probably an oversight that we never got around
to fixing the cases where they were actually used. Neither of us
really use pinning.
Does anyone know why these sub-release files exist? Were they around
before the signed ones that "apt-secure" uses?
>> One other small difference is that the main Release file uses "Suite" rather
>> than "Archive". I'm inclined to just change the code to look for Suite,
>> since it seems to match other terminology better.
>
> Done in 0.6.4 (experimental).
Cool!
peace,
isaac
Reply to: