Bug#216951: Apt-get (and aptitude) update fail to check if the http server supports pipelining

To: 216951@bugs.debian.org
Subject: Bug#216951: Apt-get (and aptitude) update fail to check if the http server supports pipelining
From: "David L. Anselmi" <anselmi@anselmi.us>
Date: Sun, 12 Apr 2009 13:20:14 -0600
Message-id: <[🔎] 49E23EEE.5090704@anselmi.us>
Reply-to: "David L. Anselmi" <anselmi@anselmi.us>, 216951@bugs.debian.org

I've just stumbled across this bug. It was rather difficult toidentify. The effect (in my case) is that packages are listed as beingfrom an untrusted source. Seems like that might warrant more than minorseverity.


The first two lines of the update are:

Ign http://kite testing Release.gpg
Hit http://kite testing/updates Release.gpg

apt-get sends requests for both of these in the same packet and theserver (dhttpd) sends back the first only (with no file name). apt-getassumes the data is for the second. So there is no signature for thetesting Release file and its packages are marked untrusted.

If the pipelining bug isn't worth fixing, perhaps a warning could begiven that a file couldn't be found and it's one we might care about.


Thanks!
Dave

Reply to:

Prev by Date: Processed: Change severity of 216951 to normal.
Next by Date: Re: [rfc] apt-cache google
Previous by thread: Processed: Change severity of 216951 to normal.
Next by thread: Bug#49627: What are your thoughts
Index(es):
- Date
- Thread