Russ Allbery <r...@debian.org> writes: > There was some discussion of periodically resigning the security archive > even if there are no updates so that package managers could warn if more > than X days had gone by without an update to the security archive > signatures. I don't know if anyone has concrete plans to implement that.
The Release file in the repository has now a Valid-Until field that invalidates the repository after some time without updates. This can be used to detect a mirror provided outdated packages. I am not sure whether APT checks this or not. I hope it does. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87k4qc90bc....@marvin.43-1.org