
Bug#796549: [trusted=yes] sources should not cause "Release is not signed" warnings



On Sat, Aug 22, 2015 at 03:11:41PM +0200, Joachim Breitner wrote:
> Package: apt
> Version: 1.1~exp8
> Severity: normal
> 
> Hi,
> 
> I try to use a local repository (file:///..), and I see no point in
> signing it, so I added it with [trusted=yes]. Unfortunately, I still get
> an error message like
> W: The data from 'file: ./ Release.gpg' is not signed. Packages from that repository can not be authenticated.
> 
> It would be nice if this message was omitted for trusted repositories.

For me it's not only that: with apt 1.1~exp12, such a repository does
not even work: whenever apt sees that repository as not being signed,
apt-cache policy does not show package versions from there. If I sign the
Release file there and run `apt update`, then apt-cache policy _does_
show the packages from that repository.

Reverting to apt 1.0 from unstable makes it work again, i.e. the local
repository marked with [trusted=yes] behaves correctly.

-- 
Antonio Terceiro <terceiro@debian.org>
