
Bug#808367: apt: defaults to allow insecure repos and documents it wrong



On Sat, Dec 19, 2015 at 04:46:44AM +0100, Christoph Anton Mitterer wrote:
> Apparently, as per:
> >apt (1.1~exp5) experimental; urgency=medium
> >  * Change default of Acquire::AllowInsecureRepositories to "true"
> >    so that this change is less disruptive, this will be switched
> >    to "false" again after jessie
> 
> insecure repos are not completely forbidden, right now.
> 
> However, jessie is out and that hasn't been changed back.

This ended up being handled more "complex": apt defaults to 'false' now
as this is an interactive tool, while apt-get defaults to 'true' for the
moment (aka for stretch) to allow suboptimal (infrastructure) setups
a bit of transition time. Note that even if it's set to true a warning (+
2 notices) is shown so that is a pretty big step forward already. You
also can't "downgrade" a repository from signed to unsigned any longer
(by default – the option right below this one), so I am mostly happy in
how 1.1 handles this and we haven't gotten too many complaints about it
yet, so the tradeoff choice seems to be about right.

See the relevant changelog and commit messages for full details.


> Further the manpage even names a wrong default:
> >       AllowInsecureRepositories
> >           Allow the update operation to load data files from a repository
> >           without a trusted signature. If enabled this option no data files
> >           will be loaded and the update operation fails with a error for this
> >           source. The default is false for backward compatibility. This will
> >           be changed in the future.

This english no sense it makes as the grammatic seems to be slightly
yoda. apt-secure mentions this option as well btw.


Autogenerating that would be nice, but that is hardly possible – after
all, if the default changes how would that paragraph even make sense.
What you could do is adding metadata to such paragraphs which could then
be validated against reality. Yeah, that would be nice… but it's also
work to implement such a system. Can I assume you are volunteering?


Happy "package management" days and best regards

David Kalnischkies
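
A check for the two options discussed in this message, as an added example that is not part of the original e-mail or of apt: it classifies `Acquire::AllowInsecureRepositories` and the downgrade option from `apt-config dump` style input. Assumptions: the downgrade option the message refers to is taken to be `Acquire::AllowDowngradeToInsecureRepositories`; the function names, state labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify repository-trust options from `apt-config dump`
# style input (one `Name "value";` per line) read on stdin.
# States: allowed, forbidden, unrecognized, or unset. For an unset
# AllowInsecureRepositories the tool default applies; per the message
# above that is false for apt and true for apt-get (for stretch).
audit_apt_trust() {
    awk '
    BEGIN {
        canon[1] = "Acquire::AllowInsecureRepositories"
        canon[2] = "Acquire::AllowDowngradeToInsecureRepositories"
        # apt option names are case-insensitive, so match on lowercase.
        for (i = 1; i <= 2; i++) state[tolower(canon[i])] = "unset"
    }
    {
        name = tolower($1)
        if (!(name in state)) next
        val = $0
        sub(/^[^"]*"/, "", val)   # drop everything up to the opening quote
        sub(/".*$/, "", val)      # drop the closing quote and the rest
        val = tolower(val)
        if (val ~ /^(true|yes|on|enable|with|1)$/)
            state[name] = "allowed"
        else if (val ~ /^(false|no|off|disable|without|0)$/)
            state[name] = "forbidden"
        else
            state[name] = "unrecognized"
    }
    END {
        for (i = 1; i <= 2; i++) print canon[i], state[tolower(canon[i])]
    }'
}

# Constructed sample input, not output captured from a real system.
sample_dump() {
    cat <<'EOF'
APT::Architecture "amd64";
Acquire::AllowInsecureRepositories "true";
Dir "/";
EOF
}

sample_dump | audit_apt_trust
```

On a real system the input would come from `apt-config dump | audit_apt_trust`.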
