
Bug#808367: apt: defaults to allow insecure repos and documents it wrong



On Thu, 2015-12-24 at 16:47 +0100, David Kalnischkies wrote:
> This ended up being handled more "complex": apt defaults to 'false'
> now as this is an interactive tool, while apt-get defaults to 'true'
> for the moment (aka for stretch) to allow suboptimal (infrastructure)
> setups a bit of transition time.
Uff... don't you think that having different defaults for different
tools is quite easily ambiguous?


> Note that even if it's set to true a warning (+
> 2 notices) is shown so that is a pretty big step forward already.
Sure... that's why I've only set severity normal. :-)

> You also can't "downgrade" a repository from signed to unsigned any
> longer (by default – the option right below this one), so I am mostly
> happy in how 1.1 handles this and we haven't gotten too many
> complaints about it yet, so the tradeoff choice seems to be about
> right.
So is this going to be changed sooner or later?

I just had the impression that it may have been simply forgotten ;-)
The change was already in 2014, if I remember the changelog entry
correctly.


> This english no sense it makes as the grammatic seems to be slightly
> yoda.
My thought, pretty much this was ;-)


>  apt-secure mentions this option as well btw.
Yeah, I've seen that, but apt.conf(8) seemed to be the "canonical"
documentation.


> Autogenerating that would be nice, but that is hardly possible –
> after all, if the default changes how would that paragraph even make
> sense.
Well, it doesn't really work with the current writing of the
documentation.
One would need a more neutral style like:
>Option Name
>Summary: foo bar bar
>Default Value: @Whatever@
>Details: If set to "foo" then bla is done. If set to "bar" then your
>          hard disk is going to be wiped.

> What you could do is adding metadata to such paragraphs which could
> then be validated against reality. Yeah, that would be nice… but it's
> also work to implement such a system. Can I assume you are
> volunteering?
Hmm ATM not, it seems really to be quite an invasive change to the
documentation...


> Happy "package management" days and best regards
Hope you had some nice holidays as well :)


Cheers,
Chris.
