Bug#596498: sources.list: add option to mark unsigned (local) repository as trusted
- To: firstname.lastname@example.org
- Subject: Bug#596498: sources.list: add option to mark unsigned (local) repository as trusted
- From: Ansgar Burchardt <email@example.com>
- Date: Mon, 07 Feb 2011 13:32:39 +0100
- Message-id: <[🔎] firstname.lastname@example.org>
- Reply-to: Ansgar Burchardt <email@example.com>, firstname.lastname@example.org
- In-reply-to: <email@example.com> (Goswin von Brederlow's message of "Tue, 14 Sep 2010 19:56:42 +0200")
- References: <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org>
Goswin von Brederlow <email@example.com> writes:
> Ansgar Burchardt <firstname.lastname@example.org> writes:
>> Attached is a patch to add a [trusted=1] option to sources.list. When
>> present, the source is regarded as trusted even without a Release.gpg.
>> Documentation of this feature is still missing.
>> I did the following testing using apt 0.8.3 with the patch applied:
>> Installing from an unsigned (or signed with unknown key) repository
>> causes warning when [trusted=0] or no option is given in sources.list;
>> installing from an unsigned (or signed with unknown key) repository does
>> not warn when [trusted=1] is given in sources.list.
> I would have used 'trust=always', 'trust=key' (default) and 'trust=never'.
> But otherwise the patch looks good to me.
The patch uses the StringToBool function already present so trusted=yes
is already understood. I don't mind changing the options, but would
like to know where the APT team would like to have a helper function
similar to StringToBool for this.
The trust=never option is not included because it does not seem
particular useful to me.