unsigned repositories

Henning Sprang henning_sprang at gmx.de
Thu Sep 21 14:34:44 CEST 2006


On 9/21/06, Thomas Lange <lange at informatik.uni-koeln.de> wrote:
> >>>>> On Thu, 21 Sep 2006 12:26:08 +0200, Juraj Holtak <juraj.holtak at proaut.org>
> said:
>
>     > as you can see from my previous email (fai-client), I have the same problem
>     > with unsigned repositories even with your repositories for the developer pool
>
>     > any idea what it could be?

AFAIK since etch apt's default policy is to not install unsigned packages.

We had a bug report in fai that the process we used to avoid this
should be removed. (somewhere in apt preferences or in the actual call
to apt, I am not sure).
It seems this bug report has been fixed, but the solution is causing
trouble to some users, even those who just want to use FAI's extra
repositories which are also unsigned.

Look into apt preferences to fix that, maybe you have to write a hook
to put the right apt config in place before installing software.

> No. ATM I do not have the time to look into the unsigned/signed
> repository topic. I hope that someone else will care about this.

But didn't you put the mentioned fix in?

As I said in the thread about the mentioned bug, I am not convinced
that forcing this stuff on people is helpful - security ignorant
admins will find enough ways to trash their infrastructure, and
security aware admins have lots of ways to set high security levels.
If we force (or, in this case, not unforce) signed repos, we must at
least be consequent and sign our own repository.

Henning
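
An audit sketch for the apt configuration question raised in this message, added here as an example and not part of the original post or of FAI: it lists the places where apt signature checking has been switched off, so each one can be reviewed or replaced by a signed repository. The option names are apt's own rather than anything the thread names, and the directory layout, file names and hosts are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): report where apt signature
# checking is switched off. Matches only the flat `A::B::C "value";` apt.conf
# form, not nested `APT { Get { ... } }` blocks.

audit_apt_auth() {
    root=$1   # tree holding apt.conf fragments, sources lists, install scripts
    # apt.conf options that turn authentication off
    grep -rnEi '^[[:space:]]*(APT::Get::AllowUnauthenticated|Acquire::AllowInsecureRepositories)[[:space:]]+"?(true|yes|1)"?[[:space:]]*;' "$root" || true
    # sources entries trusted without a signature check
    grep -rnE '^[[:space:]]*deb(-src)?[[:space:]]+\[[^]]*trusted=yes' "$root" || true
    # per-call override in scripts (commented-out lines are skipped)
    grep -rnE -e '^[^#]*--allow-unauthenticated' "$root" || true
}

# Number of findings, one per matching line.
count_findings() { audit_apt_auth "$1" | wc -l | tr -d ' '; }

# Constructed sample tree; file names and hosts are made up for illustration.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/apt.conf.d" "$d/sources.list.d" "$d/hooks"
    printf '%s\n' 'APT::Get::AllowUnauthenticated "true";' > "$d/apt.conf.d/99insecure"
    printf '%s\n' 'APT::Get::AllowUnauthenticated "false";' > "$d/apt.conf.d/10ok"
    printf '%s\n' 'deb [trusted=yes] http://repo.example.invalid/debian etch main' \
                  'deb http://mirror.example.invalid/debian etch main' > "$d/sources.list.d/extra.list"
    printf '%s\n' '#!/bin/sh' '# --allow-unauthenticated used to be here' \
                  'apt-get -y --allow-unauthenticated install somepkg' > "$d/hooks/install.sh"
    echo "$d"
}

sample=$(make_sample)
audit_apt_auth "$sample"
echo "findings: $(count_findings "$sample")"
rm -rf "$sample"
```

Each output line is `file:line:content`; an empty result means none of the three patterns was found under the given directory.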


