<deep breath> Given that this appears to be an update phasing problem between various servers/mirrors, is it feasible to add a behaviour whereby apt tries to use the same server that was used for the last update as a preferred source for packages to be upgraded at least for the first attempt and perhaps within a day or two of the update ? <cache dns result between updates>

Should this behaviour be promulgated in the other package management systems (aptitude, synaptic ...) ?

Is there an option to display the identity of source servers ?

piwakawaka:~# apt-get source apt
Reading package lists... Done
Building dependency tree... Done
Need to get 1673kB of source archives.
Get:1 http://http.us.debian.org sid/main apt 0.6.45 (dsc) [784B]
Get:2 http://http.us.debian.org sid/main apt 0.6.45 (tar) [1672kB]
Fetched 1673kB in 11s (147kB/s)
gpg: Signature made Thu Jul 27 11:01:18 2006 NZST using DSA key ID 5662C734
gpg: Can't check signature: public key not found
dpkg-source: extracting apt in apt-0.6.45
dpkg-source: unpacking apt_0.6.45.tar.gz
piwakawaka:~#

I assume this means I can't trust this sourcecode.

I've looked for any reference to why a new gpg signature was made on 27Jul to no avail. I assume it is related to the recent compromise. Can anyone enlighten me ?



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to