Bug#318630: apt-get: Please add [TRUSTED] vendor support
Control: tags -1 - patch
The basic support for [trusted=yes] is in since 0.8.16~exp3. So
repurposing this bug report to enhance this feature along the lines of
the more recent messages (i.e. #62 onwards). The supplied patches
no longer apply.
Goswin von Brederlow <goswin-v-b@web.de> wrote:
> Any objections to the proposed design for this feature?
>
> - deb [key=0x1AB52325534,0x3475BDF478] ...
> Only accept signatures by one of the listed fingerprints
>
> - deb [keyring=foobar.gpg] ...
> Use foobar.gpg to verify the signatures and only foobar.gpg.
>
> deb [trust=always|never] ....
> Ignore the Release signature and just always or never trust the
> source. "always" would be for file:// or sources on the local
> network where you don't care if it is unsigned. "never" would be for
> repositories you want to always be asked before they are used and
> which should not replace packages from more trusted repositories.
Reply to: