On 2017-01-12 15:02:32 -0000 (-0000), Edmund Rhudy (BLOOMBERG/ 120 PARK) wrote: [...] > 2) I don't know why the OSIC Ubuntu mirror is unsigned. I feel > like it should be a straight clone of Canonical's repos so that > the baked-in signing key for the Ubuntu base image will just work, > but presumably it's this way for a reason?
These mirrors have their package indices regenerated at each update to prevent index inconsistencies which tend to plague other package mirroring implementations. We've (the Infra team) discussed switching to directly copying from an official mirror instead and running some sort of consistency checker before releasing the update to our mirror network, but so far nobody has found time to finish work on that solution. > 3) Specify a custom apt preferences in the gate to allow > installing unauthenticated packages in the containers (ugly). [...] This is what we do currently on our untrusted single-use job nodes. -- Jeremy Stanley
signature.asc
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev