[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#596498: sources.list: add option to mark unsigned (local) repository as trusted

Goswin von Brederlow <goswin-v-b@web.de> writes:
> Ansgar Burchardt <ansgar@43-1.org> writes:
>> Attached is a patch to add a [trusted=1] option to sources.list.  When
>> present, the source is regarded as trusted even without a Release.gpg.
>> Documentation of this feature is still missing.
>> I did the following testing using apt 0.8.3 with the patch applied:
>> Installing from an unsigned (or signed with unknown key) repository
>> causes warning when [trusted=0] or no option is given in sources.list;
>> installing from an unsigned (or signed with unknown key) repository does
>> not warn when [trusted=1] is given in sources.list.
> I would have used 'trust=always', 'trust=key' (default) and 'trust=never'.
> But otherwise the patch looks good to me.

The patch uses the StringToBool function already present so trusted=yes
is already understood.  I don't mind changing the options, but would
like to know where the APT team would like to have a helper function
similar to StringToBool for this.

The trust=never option is not included because it does not seem
particular useful to me.


Reply to: