Re: Blockers of apt 0.6, not related to signature verification
On Thu, Feb 17, 2005 at 02:47:05PM +0100, Florian Weimer wrote:
> * Michael Vogt:
> >> are you aware of any issues that would, in your opinion, make it
> >> infeasible to let apt 0.6 enter testing at this stage, apart from open
> >> questions surrounding the Release signature verification (and general
> >> reservations towards anything which might delay a release)?
> >
> > The only problem I see is that the changes are not transparent for the
> > frontends (aptitude, synaptic, gnome-apt). They need to be updated and
> > tested as well.
>
> Sorry for being dense. Do you mean the impact of other changes
> besides archive signing on the frontends, or do you refer solely to
> the fallout from archive signing?
Sorry for not explaining it a bit better.
There are nearly no other changes other than the signing stuff in
apt-0.6. So that should be pretty safe :)
> The frontend implications of archive signing are already on my list
> (mainly dealing with new failure modes, I suppose, and maybe dealing
> with key rollover).
Without source code changes, the frontends don't know anything about
signed repositories. Aptitude/Synaptic will happily install anything
without a warning whether it's authenticated or not. But there will be
side-effects: you get a warning in the frontends after an update about
missing/incorrect signatures (only if there are some of course).

With patched aptitude (or aptitude from experimental) and synaptic
built with --with-apt-authentication there will be warnings when
trying to install unauthenticated packages.

So IMO if apt-0.6 enters sarge we should try to update aptitude as
well (and synaptic but it's not frozen yet, so this shouldn't be a
problem). Otherwise we have a mix of tools that support and do not
support the signatures.

There are (AFAIK) no patches for gnome-apt, so it won't know about
signed repositories. And everything that depends on libapt needs to be
recompiled because the ABI changes.

Cheers,
Michael
--
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo