<deep breath> Given that this appears to be an update phasing problem between
various servers/mirrors, is it feasible to add a behaviour whereby apt tries to
use the same server that was used for the last update as a preferred source for
packages to be upgraded at least for the first attempt and perhaps within a day
or two of the update ? <cache dns result between updates>
Should this behaviour be promulgated in the other package management systems
(aptitude, synaptic ...) ?
Is there an option to display the identity of source servers ?
piwakawaka:~# apt-get source apt
Reading package lists... Done
Building dependency tree... Done
Need to get 1673kB of source archives.
Get:1 http://http.us.debian.org sid/main apt 0.6.45 (dsc) [784B]
Get:2 http://http.us.debian.org sid/main apt 0.6.45 (tar) [1672kB]
Fetched 1673kB in 11s (147kB/s)
gpg: Signature made Thu Jul 27 11:01:18 2006 NZST using DSA key ID 5662C734
gpg: Can't check signature: public key not found
dpkg-source: extracting apt in apt-0.6.45
dpkg-source: unpacking apt_0.6.45.tar.gz
piwakawaka:~#
I assume this means I can't trust this sourcecode.
I've looked for any reference to why a new gpg signature was made on 27Jul to
no avail. I assume it is related to the recent compromise. Can anyone enlighten
me ?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
