Your message dated Thu, 13 Aug 2015 14:06:00 +0200 with message-id <20150813120600.GA12626@crossbow> and subject line Re: Bug#338889: Overzealously prefers signed packages to identical unsigned ones has caused the Debian Bug report #338889, regarding fetches packages from an HTTP source rather than more preferred file source to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 338889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338889 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [apt] Fetches packages from an HTTP source rather than more preferred file source
- From: Filipus Klutiero <chealer@gmail.com>
- Date: Sat, 31 Jan 2009 14:18:18 -0500
- Message-id: <200901311418.18648.chealer@gmail.com>
Package: apt Version: 0.7.20 Severity: normal I added a local package repository to my sources using the file method. I put the source first so that packages that can be found in the local repository would be fetched from there rather than from my mirror, but unfortunately the mirror is preferred, for some reason. This makes it inconvenient to use a partial local repository (in this case, the KDE CD 1 ISO). I reproduced this bug on this PC after experiencing it on another lenny install. Here is an example with kbstate. # apt-cache policy kbstate kbstate: Installed: (none) Candidate: 4:3.5.9-2 Version table: 4:3.5.9-2 0 990 file: lenny/main Packages 990 http://gulus.usherbrooke.ca lenny/main Packages 500 http://gulus.usherbrooke.ca sid/main Packages vinci:/etc# apt-cache policy Package files: 100 /var/lib/dpkg/status release a=now 990 http://security.debian.org lenny/updates/non-free Packages release v=None,o=Debian,a=testing,l=Debian-Security,c=non-free origin security.debian.org 990 http://security.debian.org lenny/updates/contrib Packages release v=None,o=Debian,a=testing,l=Debian-Security,c=contrib origin security.debian.org 990 http://security.debian.org lenny/updates/main Packages release v=None,o=Debian,a=testing,l=Debian-Security,c=main origin security.debian.org 1 http://gulus.usherbrooke.ca experimental/non-free Packages release o=Debian,a=experimental,l=Debian,c=non-free origin gulus.usherbrooke.ca 1 http://gulus.usherbrooke.ca experimental/contrib Packages release o=Debian,a=experimental,l=Debian,c=contrib origin gulus.usherbrooke.ca 1 http://gulus.usherbrooke.ca experimental/main Packages release o=Debian,a=experimental,l=Debian,c=main origin gulus.usherbrooke.ca 500 http://gulus.usherbrooke.ca sid/non-free Packages release o=Debian,a=unstable,l=Debian,c=non-free origin gulus.usherbrooke.ca 500 http://gulus.usherbrooke.ca sid/contrib Packages release o=Debian,a=unstable,l=Debian,c=contrib origin gulus.usherbrooke.ca 500 http://gulus.usherbrooke.ca sid/main Packages release o=Debian,a=unstable,l=Debian,c=main origin gulus.usherbrooke.ca 990 http://gulus.usherbrooke.ca lenny/non-free Packages release o=Debian,a=testing,l=Debian,c=non-free origin gulus.usherbrooke.ca 990 http://gulus.usherbrooke.ca lenny/contrib Packages release o=Debian,a=testing,l=Debian,c=contrib origin gulus.usherbrooke.ca 990 http://gulus.usherbrooke.ca lenny/main Packages release o=Debian,a=testing,l=Debian,c=main origin gulus.usherbrooke.ca 990 file: lenny/main Packages release o=Debian,a=testing,l=Debian,c=main Pinned packages: vinci:/etc# apt-get install kbstate Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: kbstate 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 70.1kB of archives. After this operation, 664kB of additional disk space will be used. Get:1 http://gulus.usherbrooke.ca lenny/main kbstate 4:3.5.9-2 [70.1kB] Fetched 70.1kB in 0s (110kB/s) Reading package fields... Done Reading package status... Done Retrieving bug reports... Done Parsing Found/Fixed information... Done Selecting previously deselected package kbstate. (Reading database ... 125135 files and directories currently installed.) Unpacking kbstate (from .../kbstate_4%3a3.5.9-2_i386.deb) ... Setting up kbstate (4:3.5.9-2) ... vinci:/etc# cat /etc/apt/sources.list deb file:///mnt/iso/ lenny main deb http://gulus.usherbrooke.ca/debian/ lenny main contrib non-free # deb http://debian.savoirfairelinux.net/debian/ lenny main contrib non-free # deb http://debian.savoirfairelinux.net/debian/ sid main contrib non-free deb http://gulus.usherbrooke.ca/debian/ sid main contrib non-free #deb-src http://debian.savoirfairelinux.net/debian/ sid main contrib deb http://gulus.usherbrooke.ca/debian/ experimental main contrib non-free deb http://security.debian.org/ lenny/updates main contrib non-free deb-src http://security.debian.org/ lenny/updates main # deb http://ftp.debian-unofficial.org/debian/ testing main contrib non-free restricted vinci:/etc# --- System information. --- Architecture: i386 Kernel: Linux 2.6.26-1-amd64 Debian Release: 5.0 990 testing security.debian.org 990 testing gulus.usherbrooke.ca 500 unstable gulus.usherbrooke.ca 1 experimental gulus.usherbrooke.ca --- Package information. --- Depends (Version) | Installed =======================================-+-============= libc6 (>= 2.7-1) | 2.7-18 libgcc1 (>= 1:4.1.1) | 1:4.3.2-1.1 libstdc++6 (>= 4.2.1) | 4.3.2-1.1 debian-archive-keyring | 2008.04.16+nmu1 --- Output from package bug script ---
--- End Message ---
--- Begin Message ---
- To: 338889-done@bugs.debian.org
- Subject: Re: Bug#338889: Overzealously prefers signed packages to identical unsigned ones
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Thu, 13 Aug 2015 14:06:00 +0200
- Message-id: <20150813120600.GA12626@crossbow>
- In-reply-to: <None.LNX.4.64.0612121816320.22817@cantor.unex.es>
- References: <20051113153715.GA5146@chardonnay.math.bme.hu> <20051123154702.GB32577@top.ping.de> <874q63glbr.fsf@informatik.uni-tuebingen.de> <None.LNX.4.64.0612121816320.22817@cantor.unex.es>
On Tue, Dec 12, 2006 at 06:40:37PM +0100, Santiago Vila wrote: > It does not make much sense that the user has to fiddle with gpg, keys, > signatures, etc. when everything he wants to do is to have a local > repository which serves as a cache for packages which are already > authenticated by other means. Which is why there is a trusted=yes option for sources now, which is documented in the sources.list. Using this option everything is as requested, so closing. Btw, the additional feature mentioned in this buglog about not downloading the same metadata from various places is partly solved in apt 1.1, but that is a different topic/bug. Best regards David KanischkiesAttachment: signature.asc
Description: Digital signature
--- End Message ---