On Fri, May 30, 2014 at 03:21:20PM +0200, Michael Vogt wrote:
[..]
> > Hmm. There is no warning suggesting that anything fishy is going on,
> > and the exit code indicates success. (Perhaps the "Ign"s could raise
> > suspicion of an observant sysadmin. But who knows what "Ign" exactly
> > means? At least the apt-get(1) manpage doesn't know.)
> 
> Right, I think apt should show a more prominent warning here. I will
> look into this next.
[..]

I created a git branch that shows a warning if it comes across an
unauthenticated repository:
"""
+   _error->Warning(_("The data from '%s' is not signed. All packages from "
+                     "that repository can not be authenticated."),
+                   MetaIndexURIDesc.c_str());
"""
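Review bot: The added `_error->Warning(...)` call reports the unsigned repository only as a warning, and nothing in these lines changes the exit status, so the run still ends with the success exit code noted in the quoted report. If scripts and unattended runs are meant to notice an unauthenticated repository, say in the commit message that this is warning-only for now, or follow up with a change that affects the exit status. In the message string, "can not be authenticated" should read "cannot be authenticated", and the text could tell the user what to do next, since '%s' only gives the URI description.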

I think for the future we actually should not allow an apt-get update
of untrusted repos without --allow-unauthenticated or
[trusted=no]. But this will probably break some setups so we need to
be careful and not rush it.



Cheers,
 Michael

