Your message dated Thu, 13 Aug 2015 23:08:52 +0200 with message-id <20150813210852.GA24430@crossbow> and subject line Re: Bug#607625: apt: no way to verify an individual downloaded has caused the Debian Bug report #607625, regarding apt: no way to verify an individual downloaded to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 607625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607625 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: no way to verify an individual downloaded
- From: Toni Mueller <support@oeko.net>
- Date: Mon, 20 Dec 2010 12:18:21 +0100
- Message-id: <20101220111821.8499.76701.reportbug@birch.oeko.net>
Package: apt Version: 0.7.20.2+lenny2 Severity: normal Hello, in the light of DSA 2134-1, I would really like to see an easy way to manually verify a downloaded package. Currently, neither dpkg, apt nor aptitude appear to have such functionality, but using apt or aptitude is not always possible (at least, I often need to bypass them). Kind regards, --Toni++ -- Package-specific info: -- (/etc/apt/preferences present, but not submitted) -- -- (no /etc/apt/sources.list present) -- -- System Information: Debian Release: 5.0.7 APT prefers stable APT policy: (990, 'stable'), (450, 'testing'), (250, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apt depends on: ii debian-archive-keyring 2010.08.28~lenny1 GnuPG archive keys of the Debian a ii libc6 2.7-18lenny6 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1.1 GCC support library ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3 apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> (no description available) ii aptitude 0.4.11.11-1~lenny1 terminal-based package manager ii bzip2 1.0.5-1+lenny1 high-quality block-sorting file co ii dpkg-dev 1.14.30 Debian package development tools ii lzma 4.43-14 Compression method of 7z format in ii python-apt 0.7.7.1+nmu1 Python interface to libapt-pkg ii synaptic 0.62.1+nmu1 Graphical package manager -- no debconf information
--- End Message ---
--- Begin Message ---
- To: 607625-done@bugs.debian.org
- Subject: Re: Bug#607625: apt: no way to verify an individual downloaded
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Thu, 13 Aug 2015 23:08:52 +0200
- Message-id: <20150813210852.GA24430@crossbow>
- In-reply-to: <AANLkTineRvZcSqDN-Vhbqm9nTKxc32ZqPqssHeqrLqyj@mail.gmail.com>
- References: <20101220111821.8499.76701.reportbug@birch.oeko.net> <AANLkTineRvZcSqDN-Vhbqm9nTKxc32ZqPqssHeqrLqyj@mail.gmail.com>
On Sat, Mar 26, 2011 at 11:03:40AM +0100, David Kalnischkies wrote: > On Mon, Dec 20, 2010 at 12:18, Toni Mueller <support@oeko.net> wrote: > > in the light of DSA 2134-1, I would really like to see an easy way to > > manually verify a downloaded package. Currently, neither dpkg, apt nor > > aptitude appear to have such functionality, but using apt or aptitude is > > not always possible (at least, I often need to bypass them). > > Could you elaborate a bit more what you want or what the usecase is? > The question is also why you are bypassing APT and co. in the first place… > > APT automatically verifies the deb files it downloads and stores them > in /var/cache/apt/archives/ if successfully verified (before they are > in partial/). > > aptitude has additionally a download option to download a package to > whatever place you are currently in. I don't know if it verifies it, > but i hope so. APT in wheezy onwards has this option, too. > > Is that maybe what you want? So, after 4 years of no answer I guess the answer is yes. Hence closing this bug as done. Best regards David KalnischkiesAttachment: signature.asc
Description: Digital signature
--- End Message ---