[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#607625: marked as done (apt: no way to verify an individual downloaded)

Your message dated Thu, 13 Aug 2015 23:08:52 +0200
with message-id <20150813210852.GA24430@crossbow>
and subject line Re: Bug#607625: apt: no way to verify an individual downloaded
has caused the Debian Bug report #607625,
regarding apt: no way to verify an individual downloaded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
607625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607625
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 0.7.20.2+lenny2
Severity: normal


Hello,

in the light of DSA 2134-1, I would really like to see an easy way to
manually verify a downloaded package. Currently, neither dpkg, apt nor
aptitude appear to have such functionality, but using apt or aptitude is
not always possible (at least, I often need to bypass them).


Kind regards,
--Toni++


-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --


-- (no /etc/apt/sources.list present) --


-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (990, 'stable'), (450, 'testing'), (250, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt depends on:
ii  debian-archive-keyring 2010.08.28~lenny1 GnuPG archive keys of the Debian a
ii  libc6                  2.7-18lenny6      GNU C Library: Shared libraries
ii  libgcc1                1:4.3.2-1.1       GCC support library
ii  libstdc++6             4.3.2-1.1         The GNU Standard C++ Library v3

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc               <none>             (no description available)
ii  aptitude              0.4.11.11-1~lenny1 terminal-based package manager
ii  bzip2                 1.0.5-1+lenny1     high-quality block-sorting file co
ii  dpkg-dev              1.14.30            Debian package development tools
ii  lzma                  4.43-14            Compression method of 7z format in
ii  python-apt            0.7.7.1+nmu1       Python interface to libapt-pkg
ii  synaptic              0.62.1+nmu1        Graphical package manager

-- no debconf information

--- End Message ---
--- Begin Message --- 
On Sat, Mar 26, 2011 at 11:03:40AM +0100, David Kalnischkies wrote:
> On Mon, Dec 20, 2010 at 12:18, Toni Mueller <support@oeko.net> wrote:
> > in the light of DSA 2134-1, I would really like to see an easy way to
> > manually verify a downloaded package. Currently, neither dpkg, apt nor
> > aptitude appear to have such functionality, but using apt or aptitude is
> > not always possible (at least, I often need to bypass them).
> 
> Could you elaborate a bit more what you want or what the usecase is?
> The question is also why you are bypassing APT and co. in the first place…
> 
> APT automatically verifies the deb files it downloads and stores them
> in /var/cache/apt/archives/ if successfully verified (before they are
> in partial/).
> 
> aptitude has additionally a download option to download a package to
> whatever place you are currently in. I don't know if it verifies it,
> but i hope so. APT in wheezy onwards has this option, too.
> 
> Is that maybe what you want?

So, after 4 years of no answer I guess the answer is yes.  Hence closing
this bug as done.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: