Bug#335112: apt-get --allow-unauthenticated still prefers authenticated packages on network to unauthenticated on localhost

To: submit@bugs.debian.org
Subject: Bug#335112: apt-get --allow-unauthenticated still prefers authenticated packages on network to unauthenticated on localhost
From: David Madore <david.madore@ens.fr>
Date: Sat, 22 Oct 2005 02:16:39 +0200
Message-id: <[🔎] 20051022001639.GA24806@clipper.ens.fr>
Reply-to: David Madore <david.madore@ens.fr>, 335112@bugs.debian.org

Package: apt
Version: 0.6.41
Severity: serious

The --allow-unauthenticated option does not revert to the exact
pre-0.6.27 behavior: even when this flag is passed on the command
line, apt still favors an authenticated package on the network to an
unauthenticated package on the local host (say with a file:/// URL in
the sources.list).

No combination of switches seems to be sufficient to _completely_
remove any kind of authentication-related feature (and revert to the
pre-0.6.27 behavior in all respects).

This severely breaks very-low-bandwidth systems where it is assumed
that the local package set will be favored over the networked ones.

-- 
     David A. Madore
    (david.madore@ens.fr,
     http://www.madore.org/~david/ )

Reply to:

Follow-Ups:
- Bug#335112: apt-get --allow-unauthenticated still prefers authenticated packages on network to unauthenticated on localhost
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Processed: severity of 335103 is serious
Next by Date: Bug#335112: apt-get --allow-unauthenticated still prefers authenticated packages on network to unauthenticated on localhost
Previous by thread: Processed: severity of 335103 is serious
Next by thread: Bug#335112: apt-get --allow-unauthenticated still prefers authenticated packages on network to unauthenticated on localhost
Index(es):
- Date
- Thread