
Feature request: Extensions to the sources.list syntax

Hi,

I would like to add 3 features to apt and sources.list, preferably in
a way that doesn't break existing syntax.

1. Limiting the keys a source may use

When you have packages from multiple sources all the keys are in a
single keyring. Now if one of the repositories turns evil (or is
compromised) an attacker could inject packages into the other sources
as well using that one key.

You might say: "So what? He can already inject the packages into the
first repository." But think about backports or snapshot.debian.net
for example. Only very specific packages would be installed from
there.

A keyring option is probably better than specifying individual
keys. Changes in the keyring wouldn't have to change the config as
well.


2. Changing the default pin of a source

Let's say you want packages from debian-multimedia.org. But let's not
have it replace any packages already in Debian. So you pin it down
below the debian packages.

The current pin syntax though is awkward and relies on the information
given by the repository. A change in the repository can easily break
the pinning.

Specifying the pin for a source in sources.list though would be simple
and not depend on the repository content.


3. Multiarch support

With multiarch, packages from multiple architectures can be
installed. So somehow I tell apt to fetch binary-amd64/Packages and
binary-i386/Packages.

But what if a source only has i386 packages and not amd64? Every time
I "apt-get update" I would get an error because
*/binary-amd64/Packages is not listed in the Release file.

Or what if I only want the i386 packages from a source even if they do
have amd64 too?



Now for the tricky part. How do we specify any of that in
sources.list? There is already support for, as the source calls it, a
vendor field. I think we could use that for optional arguments:

deb '['key=val[,val[,...]][; *...]']' SERVER DIST SUITE

e.g:

deb [pin=400; arch=i386,amd64; keyring=multimedia.gpg] http://multimedia.debian.net/debian sid main
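As an added illustration (my own code, not apt's and not part of the original mail), here is a small parser for the proposed bracket syntax: it splits the `;`-separated options and `,`-separated values, rejects a malformed `pin`, and lists the entries that set no `keyring` restriction, i.e. the ones point 1 above is worried about. The names `Source`, `parse_line` and `sources_without_keyring` are my own choice.

```python
import re
from dataclasses import dataclass

# Hypothetical parser for: deb [key=val[,val...][; key=val...]] URI DIST COMPONENT...
LINE_RE = re.compile(
    r"^(?P<kind>deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<dist>\S+)(?P<comps>(?:\s+\S+)*)\s*$"
)
@dataclass
class Source:
    kind: str
    uri: str
    dist: str
    components: list
    options: dict  # option name -> list of values
def parse_options(text):
    """Split the '[...]' part: ';' separates options, ',' separates values."""
    options = {}
    for item in text.split(";"):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed option {item!r}")
        options[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    pin = options.get("pin")
    if pin is not None and (len(pin) != 1 or not pin[0].isdigit()):
        raise ValueError("pin needs exactly one integer value")
    return options

def parse_line(line):
    """Return a Source, or None for blank and comment-only lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = LINE_RE.match(line)
    if not m or m.group("uri").startswith("["):  # e.g. an unclosed '['
        raise ValueError(f"cannot parse: {line!r}")
    return Source(m.group("kind"), m.group("uri"), m.group("dist"),
                  m.group("comps").split(), parse_options(m.group("opts") or ""))

def sources_without_keyring(lines):
    """URIs of entries that do not limit which keys may sign them (point 1)."""
    return [s.uri for s in map(parse_line, lines) if s and "keyring" not in s.options]
# Constructed sample: the example line from the mail plus a plain entry.
SAMPLE = [
    "deb [pin=400; arch=i386,amd64; keyring=multimedia.gpg] http://multimedia.debian.net/debian sid main",
    "deb http://ftp.debian.org/debian sid main contrib  # no options, any key in the keyring",
]
```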


What do you think?

Regards
        Goswin

