Bug#796549: [trusted=yes] sources should not cause "Release is not signed" warnings
On Mon, 28 Sep 2015 16:13:32 -0300 Antonio Terceiro <terceiro@debian.org> wrote:
> On Sat, Aug 22, 2015 at 03:11:41PM +0200, Joachim Breitner wrote:
> > Package: apt
> > Version: 1.1~exp8
> > Severity: normal
> >
> > Hi,
> >
> > I try to use a local repository (file:///..), and I see no point in
> > signing it, so I added it with [trusted=yes]. Unfortunately, I still get
> > an error message like
> > W: The data from 'file: ./ Release.gpg' is not signed. Packages from that repository can not be authenticated.
> >
> > It would be nice if this message was omited for trusted repository.
>
> For me it's not only that: with apt 1.1~exp12, such a repository does
> not even work: whenever apt sees that repository as not being signed,
> apt-cache policy does not show package version from there. If I sign the
> Release file there and run `apt update`, then apt-cache policy _does_
> show the packages from that repository.
>
> Reverting to apt 1.0 from unstable makes it work again, i.e. the local
> repository marked with [trusted=yes] behaves correctly.
This has become a major annoyance. Now local-apt-repository has become
useless :(
--
Saludos,
Felipe Sateler
Reply to: