Bug#318630: new apt for debian/experimental
Matt Zimmerman <mdz@debian.org> writes:
> On Fri, Jul 29, 2005 at 02:16:09PM +0200, Michael Vogt wrote:
>> On Fri, Jul 29, 2005 at 01:47:27PM +0200, Goswin von Brederlow wrote:
>> > could you maybe take a look at my patch in the BTS to allow using
>> > [TRUSTED] as vendor tag in sources.list for implizitly tursted
>> > repositories?
>>
>> Sorry, I haven't looked at it yet (lack of time). If you haven't heard
>> from me in ~2 weeks, please nag me again about it :)
>
> I don't object to the idea of having a per-source override, but it should
> absolutely be named differently. Disabling the authentication is a
> different policy decision than saying "I trust this source", given that
> without the authentication, there is no way to know whether you are talking
> to the host named in the configuration.
>
> --
> - mdz
[TRUSTED] is ment for local repositories or anything inside a
controled network. Something you trust implicitly.
I was also thinking about [NOAUTH] that would disable the
authentication failure question without making something a trusted
source. I.e. if an authenticated source has the same file get it
there.
MfG
Goswin
Reply to: